Lucene search
AmazonALAS-2015-511HistoryApr 17, 2015 - 12:04 p.m.
Low: php56
2015-04-1712:04:00
alas.aws.amazon.com
17
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.615 Medium
EPSS
Percentile
97.8%
Issue Overview:
A use-after-free flaw was found in PHP’s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. (CVE-2015-1351)
A NULL pointer dereference flaw was found in PHP’s pgsql extension. A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash. (CVE-2015-1352)
A buffer overflow flaw was found in the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-3329)
Affected Packages:
php56
Issue Correction:
Run yum update php56 to update your system.
New Packages:
i686:
php56-recode-5.6.8-1.111.amzn1.i686
php56-process-5.6.8-1.111.amzn1.i686
php56-opcache-5.6.8-1.111.amzn1.i686
php56-odbc-5.6.8-1.111.amzn1.i686
php56-common-5.6.8-1.111.amzn1.i686
php56-xmlrpc-5.6.8-1.111.amzn1.i686
php56-enchant-5.6.8-1.111.amzn1.i686
php56-intl-5.6.8-1.111.amzn1.i686
php56-bcmath-5.6.8-1.111.amzn1.i686
php56-mysqlnd-5.6.8-1.111.amzn1.i686
php56-ldap-5.6.8-1.111.amzn1.i686
php56-fpm-5.6.8-1.111.amzn1.i686
php56-cli-5.6.8-1.111.amzn1.i686
php56-devel-5.6.8-1.111.amzn1.i686
php56-soap-5.6.8-1.111.amzn1.i686
php56-gmp-5.6.8-1.111.amzn1.i686
php56-debuginfo-5.6.8-1.111.amzn1.i686
php56-tidy-5.6.8-1.111.amzn1.i686
php56-mssql-5.6.8-1.111.amzn1.i686
php56-imap-5.6.8-1.111.amzn1.i686
php56-mcrypt-5.6.8-1.111.amzn1.i686
php56-pdo-5.6.8-1.111.amzn1.i686
php56-5.6.8-1.111.amzn1.i686
php56-dba-5.6.8-1.111.amzn1.i686
php56-snmp-5.6.8-1.111.amzn1.i686
php56-dbg-5.6.8-1.111.amzn1.i686
php56-mbstring-5.6.8-1.111.amzn1.i686
php56-pgsql-5.6.8-1.111.amzn1.i686
php56-xml-5.6.8-1.111.amzn1.i686
php56-gd-5.6.8-1.111.amzn1.i686
php56-embedded-5.6.8-1.111.amzn1.i686
php56-pspell-5.6.8-1.111.amzn1.i686
src:
php56-5.6.8-1.111.amzn1.src
x86_64:
php56-mbstring-5.6.8-1.111.amzn1.x86_64
php56-debuginfo-5.6.8-1.111.amzn1.x86_64
php56-ldap-5.6.8-1.111.amzn1.x86_64
php56-bcmath-5.6.8-1.111.amzn1.x86_64
php56-pdo-5.6.8-1.111.amzn1.x86_64
php56-snmp-5.6.8-1.111.amzn1.x86_64
php56-mssql-5.6.8-1.111.amzn1.x86_64
php56-tidy-5.6.8-1.111.amzn1.x86_64
php56-pgsql-5.6.8-1.111.amzn1.x86_64
php56-mysqlnd-5.6.8-1.111.amzn1.x86_64
php56-cli-5.6.8-1.111.amzn1.x86_64
php56-mcrypt-5.6.8-1.111.amzn1.x86_64
php56-dbg-5.6.8-1.111.amzn1.x86_64
php56-xml-5.6.8-1.111.amzn1.x86_64
php56-process-5.6.8-1.111.amzn1.x86_64
php56-intl-5.6.8-1.111.amzn1.x86_64
php56-odbc-5.6.8-1.111.amzn1.x86_64
php56-enchant-5.6.8-1.111.amzn1.x86_64
php56-gmp-5.6.8-1.111.amzn1.x86_64
php56-xmlrpc-5.6.8-1.111.amzn1.x86_64
php56-embedded-5.6.8-1.111.amzn1.x86_64
php56-dba-5.6.8-1.111.amzn1.x86_64
php56-gd-5.6.8-1.111.amzn1.x86_64
php56-imap-5.6.8-1.111.amzn1.x86_64
php56-devel-5.6.8-1.111.amzn1.x86_64
php56-recode-5.6.8-1.111.amzn1.x86_64
php56-opcache-5.6.8-1.111.amzn1.x86_64
php56-soap-5.6.8-1.111.amzn1.x86_64
php56-common-5.6.8-1.111.amzn1.x86_64
php56-fpm-5.6.8-1.111.amzn1.x86_64
php56-pspell-5.6.8-1.111.amzn1.x86_64
php56-5.6.8-1.111.amzn1.x86_64
Additional References
Red Hat: CVE-2015-1351, CVE-2015-1352, CVE-2015-3329
Mitre: CVE-2015-1351, CVE-2015-1352, CVE-2015-3329
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | php56-recode | < 5.6.8-1.111.amzn1 | php56-recode-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-process | < 5.6.8-1.111.amzn1 | php56-process-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-opcache | < 5.6.8-1.111.amzn1 | php56-opcache-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-odbc | < 5.6.8-1.111.amzn1 | php56-odbc-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-common | < 5.6.8-1.111.amzn1 | php56-common-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-xmlrpc | < 5.6.8-1.111.amzn1 | php56-xmlrpc-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-enchant | < 5.6.8-1.111.amzn1 | php56-enchant-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-intl | < 5.6.8-1.111.amzn1 | php56-intl-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-bcmath | < 5.6.8-1.111.amzn1 | php56-bcmath-5.6.8-1.111.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | php56-mysqlnd | < 5.6.8-1.111.amzn1 | php56-mysqlnd-5.6.8-1.111.amzn1.i686.rpm |
Related
nessus
nessus
Amazon Linux AMI : php56 (ALAS-2015-511)
2015-04-20 00:00:00
Amazon Linux AMI : php55 (ALAS-2015-510)
2015-04-20 00:00:00
Fedora 20 : php-5.5.24-1.fc20 (2015-6399)
2015-04-28 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-511)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-510)
2015-09-08 00:00:00
Fedora Update for php FEDORA-2015-6195
2015-07-07 00:00:00
amazon
amazon
Low: php55
2015-04-17 12:04:00
Important: php54
2015-04-17 12:04:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.8-1.fc22
2015-04-22 22:52:07
[SECURITY] Fedora 20 Update: php-5.5.24-1.fc20
2015-04-27 08:39:40
[SECURITY] Fedora 21 Update: php-5.6.8-1.fc21
2015-04-23 16:11:13
archlinux
archlinux
php: multiple issues
2015-04-17 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2015-03-04 00:16:02
Updated php packages fix security vulnerabilities
2015-04-25 23:15:07
securityvulns
securityvulns
PHP multiple security vulnerabilities
2015-02-22 00:00:00
[USN-2501-1] PHP vulnerabilities
2015-02-22 00:00:00
PHP security vulnerabilities
2015-05-05 00:00:00
f5
f5
K35239571 : PHP vulnerability CVE-2015-3329
2016-07-05 00:00:00
SOL16976 - PHP vulnerability CVE-2015-1352
2015-07-16 00:00:00
SOL35239571 - PHP vulnerability CVE-2015-3329
2016-07-05 00:00:00
ubuntucve
ubuntucve
freebsd
freebsd
Several vulnerabilities found in PHP
2015-04-16 00:00:00
prion
prion
Design/Logic Flaw
2015-03-30 10:59:00
Stack overflow
2015-06-09 18:59:00
Null pointer dereference
2015-03-30 10:59:00
cve
cve
hackerone
hackerone
ubuntu
ubuntu
PHP vulnerabilities
2015-02-17 00:00:00
PHP vulnerabilities
2015-04-20 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Multiple Function Stack Buffer Overflow (CVE-2015-3329; CVE-2016-10159)
2015-07-23 00:00:00
slackware
slackware
[slackware-security] php
2015-04-22 01:22:40
suse
suse
Security update for php5 (important)
2015-05-12 17:05:25
Security update for php5 (important)
2015-05-13 15:07:04
Security update for php53 (important)
2016-06-21 13:08:17
veracode
veracode
Null Pointer Dereference
2019-05-02 05:39:23
Use-After-Free
2019-05-02 05:39:23
Denial Of Service (DoS)
2019-05-02 05:39:23
debian
debian
[SECURITY] [DSA 3280-1] php5 security update
2015-06-07 17:06:52
[SECURITY] [DLA 212-1] php5 security update
2015-04-29 20:45:33
oraclelinux
oraclelinux
php55 security and bug fix update
2016-02-04 00:00:00
php55-php security update
2016-02-04 00:00:00
php54-php security update
2016-02-04 00:00:00
redhat
redhat
(RHSA-2015:1053) Moderate: php55 security and bug fix update
2015-06-04 00:00:00
(RHSA-2015:1066) Important: php54 security and bug fix update
2015-06-04 00:00:00
(RHSA-2015:1186) Important: php55-php security update
2015-06-25 00:00:00
osv
osv
php5 - security update
2015-06-07 00:00:00
php5 - security update
2015-04-29 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
kaspersky
kaspersky
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
centos
centos
php security update
2015-07-09 19:23:41
php security update
2015-06-24 03:28:02
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.615 Medium
EPSS
Percentile
97.8%
Related for ALAS-2015-511