var-201605-0133
Vulnerability from variot

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community; Fileinfo is one of them used to display file attributes and support batch modification of its Components of properties. The vulnerability stems from the fact that the program does not correctly handle continuation-level jumps. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, 7.x prior to 7.0.5, and prior to file 5.23. ============================================================================ Ubuntu Security Notice USN-2984-1 May 24, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078)

It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)

It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070)

It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)

It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)

It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)

It was discovered that the PHP phar extension incorrectly handled certain archive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343)

It was discovered that the PHP bcpowmod() function incorrectly handled memory. (CVE-2016-4537, CVE-2016-4538)

It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. (CVE-2016-4539)

It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. (CVE-2016-4540, CVE-2016-4541)

It was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.4-7ubuntu2.1 php7.0-cgi 7.0.4-7ubuntu2.1 php7.0-cli 7.0.4-7ubuntu2.1 php7.0-fpm 7.0.4-7ubuntu2.1

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.4 php5-cgi 5.6.11+dfsg-1ubuntu3.4 php5-cli 5.6.11+dfsg-1ubuntu3.4 php5-fpm 5.6.11+dfsg-1ubuntu3.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 php5-cgi 5.5.9+dfsg-1ubuntu4.17 php5-cli 5.5.9+dfsg-1ubuntu4.17 php5-fpm 5.5.9+dfsg-1ubuntu4.17

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.23 php5-cgi 5.3.10-1ubuntu3.23 php5-cli 5.3.10-1ubuntu3.23 php5-fpm 5.3.10-1ubuntu3.23

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 =====================================================================

  1. Summary:

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.

The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)

Security Fixes in the rh-php56-php component:

  • Several Moderate and Low impact security issues were found in PHP. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)

  • Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731 Version: 1

HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-08-19 Last Updated: 2016-08-19

Potential Security Impact: Local Denial of Service (DoS), Elevation of Privilege, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Disclosure of Information, Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory.

References:

- CVE-2016-1238 - Perl Local Elevation of Privilege
- CVE-2016-2381 - Perl Remote Unauthorized Modification
- CVE-2014-4330 - Perl Local Denial of Service (DoS)

    **Note:** applies only for the H/J-series SPR. Fix was already

provided in a previous L-series SPR. OSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and T1203L01^AAC

*Impacted releases:*

- L15.02
- L15.08.00, L15.08.01
- L16.05.00

- J06.14 through J06.16.02
- J06.17.00, J06.17.01
- J06.18.00, J06.18.01
- J06.19.00, J06.19.01, J06.19.02
- J06.20.00

- H06.25 through H06.26.01
- H06.27.00, H06.27.01
- H06.28.00, H06.28.01
- H06.29.00, H06.29.01

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2013-7456
  7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-4330
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8383
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8386
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8387
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8389
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8390
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8391
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

CVE-2015-8393
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-8394
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8607
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8853
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8865
  7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8874
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-1238
  6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVE-2016-1903
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-2381
  6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-2016-2554
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-3074
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4070
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-4071
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4072
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4073
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4342
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE-2016-4343
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-4537
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4538
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4539
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4540
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4541
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4542
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4543
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4544
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5093
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5094
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5096
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5114
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-5766
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5767
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5768
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5769
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5770
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5771
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5772
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5773
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has released the following software updates to resolve the vulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP.

Install one of the SPRs below as appropriate for the system's release version:

  • L-Series:

    • T1203L01^AAE (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • L15.02 through L16.05.00
  • H and J-Series:

    • T1203H01^AAF (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • J06.14 through J06.20.00

      • H06.25 through H06.29.01

Note: Please refer to NonStop Hotstuff HS03333 for more information.

HISTORY Version:1 (rev.1) - 19 August 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.


Gentoo Linux Security Advisory GLSA 201701-42


                                       https://security.gentoo.org/

Severity: Normal Title: file: Multiple vulnerabilities Date: January 17, 2017 Bugs: #526544, #538660, #539106, #579306 ID: 201701-42


Synopsis

Multiple vulnerabilities have been found in file, the worst of which could allow remote attackers to execute arbitrary code.

Background

file is a utility that guesses a file format by scanning binary data for patterns.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 sys-apps/file < 5.23 >= 5.23

Description

Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All file users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/file-5.23"

References

[ 1 ] CVE-2014-3710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710 [ 2 ] CVE-2014-9652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9652 [ 3 ] CVE-2014-9653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9653 [ 4 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-42

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0133",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.15"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.33"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.20"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5.33",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-8865",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-8865",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-86826",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.3,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-8865",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-8865",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-556",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86826",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-8865",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community; Fileinfo is one of them used to display file attributes and support batch modification of its Components of properties. The vulnerability stems from the fact that the program does not correctly handle continuation-level jumps. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, 7.x prior to 7.0.5, and prior to file 5.23. ============================================================================\nUbuntu Security Notice USN-2984-1\nMay 24, 2016\n\nphp5, php7.0 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)\n\nHans Jerry Illikainen discovered that the PHP Zip extension incorrectly\nhandled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. \n(CVE-2016-3078)\n\nIt was discovered that PHP incorrectly handled invalid indexes in the\nSplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)\n\nIt was discovered that the PHP rawurlencode() function incorrectly handled\nlarge strings. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n16.04 LTS. (CVE-2016-4070)\n\nIt was discovered that the PHP php_snmp_error() function incorrectly\nhandled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfilenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)\n\nIt was discovered that the PHP mb_strcut() function incorrectly handled\nstring formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\narchive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-4342, CVE-2016-4343)\n\nIt was discovered that the PHP bcpowmod() function incorrectly handled\nmemory. \n(CVE-2016-4537, CVE-2016-4538)\n\nIt was discovered that the PHP XML parser incorrectly handled certain\nmalformed XML data. (CVE-2016-4539)\n\nIt was discovered that certain PHP grapheme functions incorrectly handled\nnegative offsets. (CVE-2016-4540,\nCVE-2016-4541)\n\nIt was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543,\nCVE-2016-4544)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.4-7ubuntu2.1\n  php7.0-cgi                      7.0.4-7ubuntu2.1\n  php7.0-cli                      7.0.4-7ubuntu2.1\n  php7.0-fpm                      7.0.4-7ubuntu2.1\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.4\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.4\n  php5-cli                        5.6.11+dfsg-1ubuntu3.4\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.17\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.17\n  php5-cli                        5.5.9+dfsg-1ubuntu4.17\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.17\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.23\n  php5-cgi                        5.3.10-1ubuntu3.23\n  php5-cli                        5.3.10-1ubuntu3.23\n  php5-fpm                        5.3.10-1ubuntu3.23\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2016:2750-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2750.html\nIssue date:        2016-11-15\nCVE Names:         CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 \n                   CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 \n                   CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 \n                   CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 \n                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 \n                   CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 \n                   CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 \n                   CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 \n                   CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 \n                   CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 \n                   CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 \n                   CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 \n                   CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 \n                   CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 \n                   CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 \n                   CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 \n                   CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 \n                   CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 \n                   CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 \n                   CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 \n                   CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 \n                   CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 \n                   CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 \n                   CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 \n                   CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 \n                   CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 \n                   CVE-2016-7132 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php56, rh-php56-php, and rh-php56-php-pear is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The rh-php56 packages provide a recent stable release of PHP\nwith PEAR 1.9.5 and enhanced language features including constant\nexpressions, variadic functions, arguments unpacking, and the interactive\ndebuger. The memcache, mongo, and XDebug extensions are also included. \n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-7456,\nCVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,\nCVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,\nCVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,\nCVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,\nCVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,\nCVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,\nCVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,\nCVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,\nCVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,\nCVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,\nCVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,\nCVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,\nCVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the\nrh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,\nCVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,\nCVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,\nCVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()\n1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)\n1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)\n1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)\n1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories\n1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)\n1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)\n1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)\n1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)\n1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)\n1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)\n1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)\n1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)\n1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)\n1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c\n1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated\n1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent\n1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives\n1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()\n1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data\n1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd\n1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method\n1323103 - CVE-2016-4073 php: Negative size parameter in memcpy\n1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \\0 inside name\n1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()\n1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode\n1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file\n1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads\n1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure\n1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()\n1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition\n1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input\n1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used\n1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used\n1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow\n1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c\n1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects\n1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches\n1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns\n1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal\n1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread\n1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc\n1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()\n1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()\n1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow\n1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec\n1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread\n1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize\n1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351603 - CVE-2016-6128 gd: Invalid color index not properly handled\n1358395 - CVE-2016-5399 php: Improper error handling in bzread()\n1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex\n1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization\n1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment\n1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()\n1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http\n1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()\n1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c\n1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex\n1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object\n1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability\n1374699 - CVE-2016-7126 php: select_colors write out-of-bounds\n1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access\n1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF\n1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access\n1374707 - CVE-2016-7130 php: wddx_deserialize null dereference\n1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml\n1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7456\nhttps://access.redhat.com/security/cve/CVE-2014-9767\nhttps://access.redhat.com/security/cve/CVE-2015-2325\nhttps://access.redhat.com/security/cve/CVE-2015-2326\nhttps://access.redhat.com/security/cve/CVE-2015-2327\nhttps://access.redhat.com/security/cve/CVE-2015-2328\nhttps://access.redhat.com/security/cve/CVE-2015-3210\nhttps://access.redhat.com/security/cve/CVE-2015-3217\nhttps://access.redhat.com/security/cve/CVE-2015-5073\nhttps://access.redhat.com/security/cve/CVE-2015-8381\nhttps://access.redhat.com/security/cve/CVE-2015-8383\nhttps://access.redhat.com/security/cve/CVE-2015-8384\nhttps://access.redhat.com/security/cve/CVE-2015-8385\nhttps://access.redhat.com/security/cve/CVE-2015-8386\nhttps://access.redhat.com/security/cve/CVE-2015-8388\nhttps://access.redhat.com/security/cve/CVE-2015-8391\nhttps://access.redhat.com/security/cve/CVE-2015-8392\nhttps://access.redhat.com/security/cve/CVE-2015-8395\nhttps://access.redhat.com/security/cve/CVE-2015-8835\nhttps://access.redhat.com/security/cve/CVE-2015-8865\nhttps://access.redhat.com/security/cve/CVE-2015-8866\nhttps://access.redhat.com/security/cve/CVE-2015-8867\nhttps://access.redhat.com/security/cve/CVE-2015-8873\nhttps://access.redhat.com/security/cve/CVE-2015-8874\nhttps://access.redhat.com/security/cve/CVE-2015-8876\nhttps://access.redhat.com/security/cve/CVE-2015-8877\nhttps://access.redhat.com/security/cve/CVE-2015-8879\nhttps://access.redhat.com/security/cve/CVE-2016-1903\nhttps://access.redhat.com/security/cve/CVE-2016-2554\nhttps://access.redhat.com/security/cve/CVE-2016-3074\nhttps://access.redhat.com/security/cve/CVE-2016-3141\nhttps://access.redhat.com/security/cve/CVE-2016-3142\nhttps://access.redhat.com/security/cve/CVE-2016-4070\nhttps://access.redhat.com/security/cve/CVE-2016-4071\nhttps://access.redhat.com/security/cve/CVE-2016-4072\nhttps://access.redhat.com/security/cve/CVE-2016-4073\nhttps://access.redhat.com/security/cve/CVE-2016-4342\nhttps://access.redhat.com/security/cve/CVE-2016-4343\nhttps://access.redhat.com/security/cve/CVE-2016-4473\nhttps://access.redhat.com/security/cve/CVE-2016-4537\nhttps://access.redhat.com/security/cve/CVE-2016-4538\nhttps://access.redhat.com/security/cve/CVE-2016-4539\nhttps://access.redhat.com/security/cve/CVE-2016-4540\nhttps://access.redhat.com/security/cve/CVE-2016-4541\nhttps://access.redhat.com/security/cve/CVE-2016-4542\nhttps://access.redhat.com/security/cve/CVE-2016-4543\nhttps://access.redhat.com/security/cve/CVE-2016-4544\nhttps://access.redhat.com/security/cve/CVE-2016-5093\nhttps://access.redhat.com/security/cve/CVE-2016-5094\nhttps://access.redhat.com/security/cve/CVE-2016-5096\nhttps://access.redhat.com/security/cve/CVE-2016-5114\nhttps://access.redhat.com/security/cve/CVE-2016-5399\nhttps://access.redhat.com/security/cve/CVE-2016-5766\nhttps://access.redhat.com/security/cve/CVE-2016-5767\nhttps://access.redhat.com/security/cve/CVE-2016-5768\nhttps://access.redhat.com/security/cve/CVE-2016-5770\nhttps://access.redhat.com/security/cve/CVE-2016-5771\nhttps://access.redhat.com/security/cve/CVE-2016-5772\nhttps://access.redhat.com/security/cve/CVE-2016-5773\nhttps://access.redhat.com/security/cve/CVE-2016-6128\nhttps://access.redhat.com/security/cve/CVE-2016-6207\nhttps://access.redhat.com/security/cve/CVE-2016-6288\nhttps://access.redhat.com/security/cve/CVE-2016-6289\nhttps://access.redhat.com/security/cve/CVE-2016-6290\nhttps://access.redhat.com/security/cve/CVE-2016-6291\nhttps://access.redhat.com/security/cve/CVE-2016-6292\nhttps://access.redhat.com/security/cve/CVE-2016-6294\nhttps://access.redhat.com/security/cve/CVE-2016-6295\nhttps://access.redhat.com/security/cve/CVE-2016-6296\nhttps://access.redhat.com/security/cve/CVE-2016-6297\nhttps://access.redhat.com/security/cve/CVE-2016-7124\nhttps://access.redhat.com/security/cve/CVE-2016-7125\nhttps://access.redhat.com/security/cve/CVE-2016-7126\nhttps://access.redhat.com/security/cve/CVE-2016-7127\nhttps://access.redhat.com/security/cve/CVE-2016-7128\nhttps://access.redhat.com/security/cve/CVE-2016-7129\nhttps://access.redhat.com/security/cve/CVE-2016-7130\nhttps://access.redhat.com/security/cve/CVE-2016-7131\nhttps://access.redhat.com/security/cve/CVE-2016-7132\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs\nUCuj+0gWfBsWXOgFhgH0uL8=\n=FcPG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05240731\nVersion: 1\n\nHPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and\nPHP, Multiple Local and Remote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-08-19\nLast Updated: 2016-08-19\n\nPotential Security Impact: Local Denial of Service (DoS), Elevation of\nPrivilege, Remote Denial of Service (DoS), Execution of Arbitrary Code,\nUnauthorized Disclosure of Information, Unauthorized Modification\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential remote and local vulnerabilities impacting Perl and PHP\nhave been addressed by HPE NonStop Servers OSS Script Languages. The\nvulnerabilities include Perl\u0027s opportunistic loading of optional modules\nwhich might allow local users to gain elevation of privilege via a Trojan\nhorse library under the current working directory. \n\nReferences:\n\n    - CVE-2016-1238 - Perl Local Elevation of Privilege\n    - CVE-2016-2381 - Perl Remote Unauthorized Modification\n    - CVE-2014-4330 - Perl Local Denial of Service (DoS)\n\n        **Note:** applies only for the H/J-series SPR. Fix was already\nprovided in a previous L-series SPR. \nOSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and\nT1203L01^AAC\n\n    *Impacted releases:*\n\n    - L15.02\n    - L15.08.00, L15.08.01\n    - L16.05.00\n\n    - J06.14 through J06.16.02\n    - J06.17.00, J06.17.01\n    - J06.18.00, J06.18.01\n    - J06.19.00, J06.19.01, J06.19.02\n    - J06.20.00\n\n    - H06.25 through H06.26.01\n    - H06.27.00, H06.27.01\n    - H06.28.00, H06.28.01\n    - H06.29.00, H06.29.01\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-7456\n      7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-4330\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8383\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8386\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8387\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8389\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8390\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8391\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)\n\n    CVE-2015-8393\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-8394\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8607\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8853\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8865\n      7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8874\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-1238\n      6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\n      6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-1903\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-2381\n      6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    CVE-2016-2554\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-3074\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4070\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-4071\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4072\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4073\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4342\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n    CVE-2016-4343\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4537\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4538\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4539\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4540\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4541\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4542\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4543\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4544\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5093\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5094\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5096\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5114\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-5766\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5767\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5768\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5769\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5770\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5771\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5772\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5773\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has released the following software updates to resolve the\nvulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP. \n\nInstall one of the SPRs below as appropriate for the system\u0027s release\nversion:\n\n  + L-Series:\n\n    * T1203L01^AAE (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n        - L15.02 through L16.05.00\n\n  + H and J-Series:\n\n    * T1203H01^AAF (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n         - J06.14 through J06.20.00\n\n         - H06.25 through H06.29.01\n\n**Note:** Please refer to *NonStop Hotstuff HS03333* for more information. \n\nHISTORY\nVersion:1 (rev.1) - 19 August 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201701-42\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: file: Multiple vulnerabilities\n     Date: January 17, 2017\n     Bugs: #526544, #538660, #539106, #579306\n       ID: 201701-42\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in file, the worst of which\ncould allow remote attackers to execute arbitrary code. \n\nBackground\n==========\n\nfile is a utility that guesses a file format by scanning binary data\nfor patterns. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  sys-apps/file                 \u003c 5.23                     \u003e= 5.23\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in file. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll file users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=sys-apps/file-5.23\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-3710\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710\n[ 2 ] CVE-2014-9652\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9652\n[ 3 ] CVE-2014-9653\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9653\n[ 4 ] CVE-2015-8865\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-42\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8865",
        "trust": 3.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/04/24/1",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "85802",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "148367",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "137174",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "139968",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136841",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137086",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-86826",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139729",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138463",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140540",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148192",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "id": "VAR-201605-0133",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:54:39.932000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206567"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206567"
      },
      {
        "title": "PR/454: Fix memory corruption when the continuation level jumps by more than",
        "trust": 0.8,
        "url": "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36"
      },
      {
        "title": "0000522: Buffer over-write in PHP function finfo_open with malformed magic file. (uses libmagic)",
        "trust": 0.8,
        "url": "http://bugs.gw.com/view.php?id=522"
      },
      {
        "title": "Sec Bug #71527",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=71527"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "PHP 7 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-7.php"
      },
      {
        "title": "Fixed bug #71527 Buffer over-write in finfo_open with malformed magic file",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e"
      },
      {
        "title": "PHP Fileinfo Fixes for component buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61239"
      },
      {
        "title": "Debian CVElist Bug Report Logs: file: CVE-2015-8865: file_check_mem() misbehaves on some input",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=357578556d837956c999174963fd2eea"
      },
      {
        "title": "Ubuntu Security Notice: file vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3686-2"
      },
      {
        "title": "Red Hat: CVE-2015-8865",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-8865"
      },
      {
        "title": "Ubuntu Security Notice: file vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3686-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3560-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f33dfec360e1186a6d0f52314de3ce6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-698",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-698"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2984-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: hhvm: Various CVEs (CVE-2014-9709 CVE-2015-8865 CVE-2016-1903 CVE-2016-4070 CVE-2016-4539 CVE-2016-6870 CVE-2016-6871 CVE-2016-6872 CVE-2016-6873 CVE-2016-6874 CVE-2016-6875)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=98d16dc1a3e1824eeb9ad5c28e1a0a02"
      },
      {
        "title": "Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162750 - security advisory"
      },
      {
        "title": "Apple: OS X El Capitan v10.11.5 and Security Update 2016-003",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3c550201b398ce302f3a9adf27215fda"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://bugs.gw.com/view.php?id=522"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=71527"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206567"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201701-42"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2750.html"
      },
      {
        "trust": 1.3,
        "url": "https://usn.ubuntu.com/3686-2/"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/85802"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05240731"
      },
      {
        "trust": 1.2,
        "url": "http://www.debian.org/security/2016/dsa-3560"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201611-22"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-2"
      },
      {
        "trust": 1.2,
        "url": "https://usn.ubuntu.com/3686-1/"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=fe13566c93f118a15a96320a546c7878fd0cfc5e"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8865"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8865"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4073"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/usn/usn-3686-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10360"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8386"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8391"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8383"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8874"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-apachemodphp-cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3132"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.4-7ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.17"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2984-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3686-2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4473"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8853"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05240731"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8389"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8390"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9653"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/file/1:5.25-2ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9621"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/file/1:5.32-2ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9620"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/file/1:5.32-1ubuntu0.1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "date": "2016-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "date": "2016-05-24T23:31:17",
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "date": "2018-06-29T00:19:16",
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "date": "2016-11-15T16:44:45",
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "date": "2016-08-22T18:18:17",
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "date": "2017-01-17T15:34:19",
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "date": "2018-06-14T15:57:22",
        "db": "PACKETSTORM",
        "id": "148192"
      },
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "date": "2016-05-20T10:59:00.137000",
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "date": "2018-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "date": "2016-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "date": "2016-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "date": "2023-11-07T02:28:44.817000",
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  Fileinfo Used by components  file of  funcs.c of  file_check_mem Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.