Lucene search
AmazonALAS-2015-510HistoryApr 17, 2015 - 12:04 p.m.
Low: php55
2015-04-1712:04:00
alas.aws.amazon.com
30
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.615 Medium
EPSS
Percentile
97.8%
Issue Overview:
A use-after-free flaw was found in PHP’s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. (CVE-2015-1351)
A NULL pointer dereference flaw was found in PHP’s pgsql extension. A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash. (CVE-2015-1352)
A buffer overflow flaw was found in the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-3329)
Affected Packages:
php55
Issue Correction:
Run yum update php55 to update your system.
New Packages:
i686:
php55-tidy-5.5.24-1.100.amzn1.i686
php55-process-5.5.24-1.100.amzn1.i686
php55-snmp-5.5.24-1.100.amzn1.i686
php55-enchant-5.5.24-1.100.amzn1.i686
php55-opcache-5.5.24-1.100.amzn1.i686
php55-mssql-5.5.24-1.100.amzn1.i686
php55-pgsql-5.5.24-1.100.amzn1.i686
php55-gmp-5.5.24-1.100.amzn1.i686
php55-xml-5.5.24-1.100.amzn1.i686
php55-ldap-5.5.24-1.100.amzn1.i686
php55-debuginfo-5.5.24-1.100.amzn1.i686
php55-mysqlnd-5.5.24-1.100.amzn1.i686
php55-dba-5.5.24-1.100.amzn1.i686
php55-odbc-5.5.24-1.100.amzn1.i686
php55-devel-5.5.24-1.100.amzn1.i686
php55-common-5.5.24-1.100.amzn1.i686
php55-imap-5.5.24-1.100.amzn1.i686
php55-recode-5.5.24-1.100.amzn1.i686
php55-mbstring-5.5.24-1.100.amzn1.i686
php55-pdo-5.5.24-1.100.amzn1.i686
php55-pspell-5.5.24-1.100.amzn1.i686
php55-gd-5.5.24-1.100.amzn1.i686
php55-bcmath-5.5.24-1.100.amzn1.i686
php55-5.5.24-1.100.amzn1.i686
php55-xmlrpc-5.5.24-1.100.amzn1.i686
php55-intl-5.5.24-1.100.amzn1.i686
php55-embedded-5.5.24-1.100.amzn1.i686
php55-mcrypt-5.5.24-1.100.amzn1.i686
php55-soap-5.5.24-1.100.amzn1.i686
php55-cli-5.5.24-1.100.amzn1.i686
php55-fpm-5.5.24-1.100.amzn1.i686
src:
php55-5.5.24-1.100.amzn1.src
x86_64:
php55-dba-5.5.24-1.100.amzn1.x86_64
php55-mysqlnd-5.5.24-1.100.amzn1.x86_64
php55-process-5.5.24-1.100.amzn1.x86_64
php55-cli-5.5.24-1.100.amzn1.x86_64
php55-imap-5.5.24-1.100.amzn1.x86_64
php55-mcrypt-5.5.24-1.100.amzn1.x86_64
php55-embedded-5.5.24-1.100.amzn1.x86_64
php55-snmp-5.5.24-1.100.amzn1.x86_64
php55-intl-5.5.24-1.100.amzn1.x86_64
php55-common-5.5.24-1.100.amzn1.x86_64
php55-gmp-5.5.24-1.100.amzn1.x86_64
php55-ldap-5.5.24-1.100.amzn1.x86_64
php55-pdo-5.5.24-1.100.amzn1.x86_64
php55-fpm-5.5.24-1.100.amzn1.x86_64
php55-bcmath-5.5.24-1.100.amzn1.x86_64
php55-tidy-5.5.24-1.100.amzn1.x86_64
php55-opcache-5.5.24-1.100.amzn1.x86_64
php55-enchant-5.5.24-1.100.amzn1.x86_64
php55-mbstring-5.5.24-1.100.amzn1.x86_64
php55-devel-5.5.24-1.100.amzn1.x86_64
php55-gd-5.5.24-1.100.amzn1.x86_64
php55-debuginfo-5.5.24-1.100.amzn1.x86_64
php55-soap-5.5.24-1.100.amzn1.x86_64
php55-xmlrpc-5.5.24-1.100.amzn1.x86_64
php55-pgsql-5.5.24-1.100.amzn1.x86_64
php55-pspell-5.5.24-1.100.amzn1.x86_64
php55-5.5.24-1.100.amzn1.x86_64
php55-xml-5.5.24-1.100.amzn1.x86_64
php55-mssql-5.5.24-1.100.amzn1.x86_64
php55-recode-5.5.24-1.100.amzn1.x86_64
php55-odbc-5.5.24-1.100.amzn1.x86_64
Additional References
Red Hat: CVE-2015-1351, CVE-2015-1352, CVE-2015-3329
Mitre: CVE-2015-1351, CVE-2015-1352, CVE-2015-3329
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | php55-tidy | < 5.5.24-1.100.amzn1 | php55-tidy-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-process | < 5.5.24-1.100.amzn1 | php55-process-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-snmp | < 5.5.24-1.100.amzn1 | php55-snmp-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-enchant | < 5.5.24-1.100.amzn1 | php55-enchant-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-opcache | < 5.5.24-1.100.amzn1 | php55-opcache-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-mssql | < 5.5.24-1.100.amzn1 | php55-mssql-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-pgsql | < 5.5.24-1.100.amzn1 | php55-pgsql-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-gmp | < 5.5.24-1.100.amzn1 | php55-gmp-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-xml | < 5.5.24-1.100.amzn1 | php55-xml-5.5.24-1.100.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php55-ldap | < 5.5.24-1.100.amzn1 | php55-ldap-5.5.24-1.100.amzn1.i686.rpm |
Related
nessus
nessus
Amazon Linux AMI : php56 (ALAS-2015-511)
2015-04-20 00:00:00
Amazon Linux AMI : php55 (ALAS-2015-510)
2015-04-20 00:00:00
Fedora 22 : php-5.6.8-1.fc22 (2015-6195)
2015-04-23 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-511)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-510)
2015-09-08 00:00:00
Fedora Update for php FEDORA-2015-6195
2015-07-07 00:00:00
amazon
amazon
Low: php56
2015-04-17 12:04:00
Important: php54
2015-04-17 12:04:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.8-1.fc22
2015-04-22 22:52:07
[SECURITY] Fedora 21 Update: php-5.6.8-1.fc21
2015-04-23 16:11:13
[SECURITY] Fedora 20 Update: php-5.5.24-1.fc20
2015-04-27 08:39:40
archlinux
archlinux
php: multiple issues
2015-04-17 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2015-03-04 00:16:02
Updated php packages fix security vulnerabilities
2015-04-25 23:15:07
securityvulns
securityvulns
PHP multiple security vulnerabilities
2015-02-22 00:00:00
[USN-2501-1] PHP vulnerabilities
2015-02-22 00:00:00
PHP security vulnerabilities
2015-05-05 00:00:00
f5
f5
K35239571 : PHP vulnerability CVE-2015-3329
2016-07-05 00:00:00
SOL16976 - PHP vulnerability CVE-2015-1352
2015-07-16 00:00:00
SOL35239571 - PHP vulnerability CVE-2015-3329
2016-07-05 00:00:00
ubuntucve
ubuntucve
cve
cve
freebsd
freebsd
Several vulnerabilities found in PHP
2015-04-16 00:00:00
prion
prion
Null pointer dereference
2015-03-30 10:59:00
Design/Logic Flaw
2015-03-30 10:59:00
Stack overflow
2015-06-09 18:59:00
hackerone
hackerone
ubuntu
ubuntu
PHP vulnerabilities
2015-02-17 00:00:00
PHP vulnerabilities
2015-04-20 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Multiple Function Stack Buffer Overflow (CVE-2015-3329; CVE-2016-10159)
2015-07-23 00:00:00
suse
suse
Security update for php5 (important)
2015-05-12 17:05:25
Security update for php5 (important)
2015-05-13 15:07:04
Security update for php53 (important)
2016-06-21 13:08:17
slackware
slackware
[slackware-security] php
2015-04-22 01:22:40
veracode
veracode
Use-After-Free
2019-05-02 05:39:23
Null Pointer Dereference
2019-05-02 05:39:23
Remote Code Execution (RCE) Via Memory Corruption
2019-05-02 05:39:23
debian
debian
[SECURITY] [DSA 3280-1] php5 security update
2015-06-07 17:06:52
[SECURITY] [DLA 212-1] php5 security update
2015-04-29 20:45:33
oraclelinux
oraclelinux
php55 security and bug fix update
2016-02-04 00:00:00
php55-php security update
2016-02-04 00:00:00
php54-php security update
2016-02-04 00:00:00
osv
osv
php5 - security update
2015-06-07 00:00:00
php5 - security update
2015-04-29 00:00:00
redhat
redhat
(RHSA-2015:1053) Moderate: php55 security and bug fix update
2015-06-04 00:00:00
(RHSA-2015:1066) Important: php54 security and bug fix update
2015-06-04 00:00:00
(RHSA-2015:1187) Important: rh-php56-php security update
2015-06-25 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
kaspersky
kaspersky
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
centos
centos
php security update
2015-07-09 19:23:41
php security update
2015-06-24 03:28:02
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.615 Medium
EPSS
Percentile
97.8%
Related for ALAS-2015-510