ID CVE-2015-0273 Type cve Reporter NVD Modified 2018-01-04T21:29:59
Description
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
{"result": {"f5": [{"id": "SOL16336", "type": "f5", "title": "SOL16336 - PHP vulnerability CVE-2015-0273", "description": "Recommended Action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2015-04-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16336.html", "cvelist": ["CVE-2015-0273"], "lastseen": "2016-09-26T17:23:27"}], "zdt": [{"id": "1337DAY-ID-23316", "type": "zdt", "title": "PHP DateTime Use After Free Vulnerability", "description": "Exploit for php platform in category dos / poc", "published": "2015-02-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://0day.today/exploit/description/23316", "cvelist": ["CVE-2015-0273"], "lastseen": "2018-03-13T14:07:57"}], "packetstorm": [{"id": "PACKETSTORM:130471", "type": "packetstorm", "title": "PHP DateTime Use-After-Free", "description": "", "published": "2015-02-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/130471/PHP-DateTime-Use-After-Free.html", "cvelist": ["CVE-2015-0273"], "lastseen": "2016-12-05T22:13:40"}], "exploitdb": [{"id": "EDB-ID:36158", "type": "exploitdb", "title": "PHP DateTime Use After Free Vulnerability", "description": "PHP DateTime Use After Free Vulnerability. CVE-2015-0273. Dos exploit for php platform", "published": "2015-02-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/36158/", "cvelist": ["CVE-2015-0273"], "lastseen": "2016-02-04T02:52:23"}], "freebsd": [{"id": "F7A9E415-BDCA-11E4-970C-000C292EE6B8", "type": "freebsd", "title": "php5 -- multiple vulnerabilities", "description": "\nThe PHP Project reports:\n\nUse after free vulnerability in unserialize() with DateTimeZone.\nMitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer\n\t overflow.\n\n", "published": "2015-02-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/f7a9e415-bdca-11e4-970c-000c292ee6b8.html", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2016-09-26T17:24:21"}], "suse": [{"id": "OPENSUSE-SU-2015:0440-1", "type": "suse", "title": "Security update for php5 (important)", "description": "php5 was updated to fix two security issues.\n\n These security issues were fixed:\n - CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150).\n - CVE-2015-0273: Use after free vulnerability in unserialize() with\n DateTimeZone (bnc#918768).\n\n", "published": "2015-03-06T11:04:50", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html", "cvelist": ["CVE-2015-0273", "CVE-2014-9652"], "lastseen": "2016-09-04T12:28:39"}, {"id": "SUSE-SU-2015:0424-1", "type": "suse", "title": "Security update for php5 (important)", "description": "php5 was updated to fix two security issues.\n\n These security issues were fixed:\n - CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150).\n - CVE-2015-0273: Use after free vulnerability in unserialize() with\n DateTimeZone (bnc#918768).\n\n", "published": "2015-03-04T16:04:57", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html", "cvelist": ["CVE-2015-0273", "CVE-2014-9652"], "lastseen": "2016-09-04T11:57:02"}, {"id": "SUSE-SU-2015:0436-1", "type": "suse", "title": "Security update for PHP 5.3 (important)", "description": "php5 has been updated to fix two security issues:\n\n * CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150).\n * CVE-2015-0273: Use after free vulnerability in unserialize() with\n DateTimeZone (bnc#918768).\n\n Security Issues:\n\n * CVE-2014-9652\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652</a>>\n * CVE-2013-6501\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6501\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6501</a>>\n\n", "published": "2015-03-05T21:04:56", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html", "cvelist": ["CVE-2015-0273", "CVE-2014-9652", "CVE-2013-6501"], "lastseen": "2016-09-04T12:43:05"}, {"id": "SUSE-SU-2016:1638-1", "type": "suse", "title": "Security update for php53 (important)", "description": "This update for php53 to version 5.3.17 fixes the following issues:\n\n These security issues were fixed:\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n - CVE-2016-5094: Don't create strings with lengths outside int range\n (bnc#982011).\n - CVE-2016-5095: Don't create strings with lengths outside int range\n (bnc#982012).\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP\n mishandles driver behavior for SQL_WVARCHAR columns, which allowed\n remote attackers to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the odbc_fetch_array\n function to access a certain type of Microsoft SQL Server table\n (bsc#981050).\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP allowed remote attackers to\n execute arbitrary code by triggering a failed SplMinHeap::compare\n operation (bsc#980366).\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed\n remote attackers to cause a denial of service via a crafted\n imagefilltoborder call (bsc#980375).\n - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c\n in PHP allowed remote attackers to cause a denial of service\n (segmentation fault) via recursive method calls (bsc#980373).\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829).\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829.\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP did not properly construct spprintf arguments, which allowed remote\n attackers to cause a denial of service (out-of-bounds read) or possibly\n have unspecified other impact via crafted header data (bsc#978830).\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c\n in PHP did not validate IFD sizes, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c\n in PHP did not validate TIFF start data, which allowed remote attackers\n to cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n accepted a negative integer for the scale argument, which allowed remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted call (bsc#978827).\n - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n modified certain data structures without considering whether they are\n copies of the _zero_, _one_, or _two_ global variable, which allowed\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted call (bsc#978827).\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in\n PHP allowed remote attackers to cause a denial of service (buffer\n under-read and segmentation fault) or possibly have unspecified other\n impact via crafted XML data in the second argument, leading to a parser\n level of zero (bsc#978828).\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length\n uncompressed data, which allowed remote attackers to cause a denial of\n service (heap memory corruption) or possibly have unspecified other\n impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n - CVE-2016-4346: Integer overflow in the str_pad function in\n ext/standard/string.c in PHP allowed remote attackers to cause a denial\n of service or possibly have unspecified other impact via a long string,\n leading to a heap-based buffer overflow (bsc#977994).\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted mb_strcut call (bsc#977003).\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP incorrectly relied on the deprecated\n RAND_pseudo_bytes function, which made it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors\n (bsc#977005).\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in\n ext/standard/url.c in PHP allowed remote attackers to cause a denial of\n service (application crash) via a long string to the rawurlencode\n function (bsc#976997).\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not\n isolate each thread from libxml_disable_entity_loader changes in other\n threads, which allowed remote attackers to conduct XML External Entity\n (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,\n a related issue to CVE-2015-5161 (bsc#976996).\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to\n mean that SSL is optional, which allowed man-in-the-middle attackers to\n spoof servers via a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed\n remote attackers to cause a denial of service (NULL pointer dereference,\n type confusion, and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a numerically indexed\n _cookies array, related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#973351).\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP allowed remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly have unspecified\n other impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a PK\\x05\\x06\n signature at an invalid location (bsc#971912).\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in PHP\n ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary\n empty directories via a crafted ZIP archive (bsc#971612).\n - CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized _cookies data,\n related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP\n allowed remote attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a crafted TAR\n archive (bsc#968284).\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in\n PHP allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a file that did not\n exist (bsc#949961).\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP\n allowed remote attackers to execute arbitrary code via vectors involving\n (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,\n which are mishandled during unserialization (bsc#942291).\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class\n in PHP allowed remote attackers to write to arbitrary files via a ..\n (dot dot) in a ZIP archive entry that is mishandled during an extractTo\n call (bsc#942296.\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP\n did not properly manage headers, which allowed remote attackers to\n execute arbitrary code via crafted serialized data that triggers a "type\n confusion" in the serialize_function_call function (bsc#945428).\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation during initial error checking, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference and application\n crash) via a crafted XML document, a different vulnerability than\n CVE-2015-6838 (bsc#945412).\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation after the principal argument loop, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a different vulnerability\n than CVE-2015-6837 (bsc#945412).\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath\n function in ext/phar/phar.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an e-mail attachment by\n the imap PHP extension (bsc#938719).\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file pointer a close\n operation, which allowed remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a Phar::convertToData call\n (bsc#938721).\n - CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935224).\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in\n PHP allowed remote attackers to obtain sensitive information, cause a\n denial of service (application crash), or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935226).\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote\n attackers to cause a denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type, related to "type\n confusion" issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,\n (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,\n and (6) SoapClient::__setCookie methods (bsc#935226).\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via an unexpected\n data type, related to "type confusion" issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)\n ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n - CVE-2015-4603: The exception::getTraceAsString function in\n Zend/zend_exceptions.c in PHP allowed remote attackers to execute\n arbitrary code via an unexpected data type, related to a "type\n confusion" issue (bsc#935234).\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the\n PostgreSQL (aka pgsql) extension in PHP did not validate token\n extraction for table names, which might allowed remote attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) via a crafted name. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1352 (bsc#935274).\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow. NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2015-4022 (bsc#935275).\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n load method, (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as demonstrated by a\n filename\\0.xml attack that bypasses an intended configuration in which\n client users may read only .xml files (bsc#935227).\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read arbitrary files via\n crafted input to an application that calls the\n stream_resolve_include_path function in ext/standard/streamsfuncs.c, as\n demonstrated by a filename\\0.extension attack that bypasses an intended\n configuration in which client users may read files with only one\n specific extension (bsc#935229).\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n save method or (2) the GD imagepsloadfont function, as demonstrated by a\n filename\\0.html attack that bypasses an intended configuration in which\n client users may write to only .html files (bsc#935232).\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did\n not verify that the uri property is a string, which allowed remote\n attackers to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a "type confusion"\n issue (bsc#933227).\n - CVE-2015-4024: Algorithmic complexity vulnerability in the\n multipart_buffer_headers function in main/rfc1867.c in PHP allowed\n remote attackers to cause a denial of service (CPU consumption) via\n crafted form data that triggers an improper order-of-growth outcome\n (bsc#931421).\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname\n upon encountering a \\x00 character, which might allowed remote attackers\n to bypass intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow (bsc#931772).\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP\n did not verify that the first character of a filename is different from\n the \\0 character, which allowed remote attackers to cause a denial of\n service (integer underflow and memory corruption) via a crafted entry in\n a tar archive (bsc#931769).\n - CVE-2015-3329: Multiple stack-based buffer overflows in the\n phar_set_inode function in phar_internal.h in PHP allowed remote\n attackers to execute arbitrary code via a crafted length value in a (1)\n tar, (2) phar, or (3) ZIP archive (bsc#928506).\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain\n sensitive information from process memory or cause a denial of service\n (buffer over-read and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar archive, related to\n the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function, a\n related issue to CVE-2015-0231 (bsc#924972).\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and\n earlier, as used in PHP allowed remote attackers to cause a denial of\n service (buffer over-read and application crash) via a crafted GIF image\n that is improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive\n function in phar_object.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n that trigger an attempted renaming of a Phar archive to the name of an\n existing file (bsc#922452).\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the\n Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might\n have allowed context-dependent attackers to execute arbitrary code via a\n large regular expression that leads to a heap-based buffer overflow\n (bsc#921950).\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in ext/enchant/enchant.c in PHP\n allowed remote attackers to execute arbitrary code via vectors that\n trigger creation of multiple dictionaries (bsc#922451).\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in\n ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary\n code via crafted serialized input containing a (1) R or (2) r type\n specifier in (a) DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b) DateTime data\n handled by the php_date_initialize_from_hash function (bsc#918768).\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in\n the Fileinfo component in PHP did not properly handle a certain\n string-length field during a copy of a truncated version of a Pascal\n string, which might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application crash) via a\n crafted file (bsc#917150).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate numerical keys within the\n serialized properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP allowed remote attackers to execute arbitrary code or cause a denial\n of service (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF\n extension in PHP operates on floating-point arrays incorrectly, which\n allowed remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via\n a crafted JPEG image with TIFF thumbnail data that is improperly handled\n by the exif_thumbnail function (bsc#902357).\n - CVE-2014-3669: Integer overflow in the object_custom function in\n ext/standard/var_unserializer.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an argument to the unserialize function that triggers\n calculation of a large length value (bsc#902360).\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the\n mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in\n PHP allowed remote attackers to cause a denial of service (application\n crash) via (1) a crafted first argument to the xmlrpc_set_type function\n or (2) a crafted argument to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed\n local users to write to arbitrary files via a symlink attack on a (1)\n rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to\n the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in\n ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial\n of service (application crash) or possibly execute arbitrary code via a\n crafted DNS record, related to the dns_get_record function and the\n dn_expand function. NOTE: this issue exists because of an incomplete fix\n for CVE-2014-4049 (bsc#893853).\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n iterator usage within applications in certain web-hosting environments\n (bsc#886059).\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain web-hosting\n environments (bsc#886060).\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP\n did not ensure use of the string data type for the PHP_AUTH_PW,\n PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive information from\n process memory by using the integer data type with crafted values,\n related to a "type confusion" vulnerability, as demonstrated by reading\n a private SSL key in an Apache HTTP Server web-hosting environment with\n mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as\n used in the Fileinfo component in PHP allowed remote attackers to cause\n a denial of service (assertion failure and application exit) via a\n crafted CDF file (bsc#884986).\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c\n in file as used in the Fileinfo component in PHP allowed remote\n attackers to cause a denial of service (application crash) via a crafted\n Pascal string in a FILE_PSTRING conversion (bsc#884987).\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as\n used in the Fileinfo component in PHP relies on incorrect sector-size\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted stream offset in a CDF file\n (bsc#884989).\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in\n the Fileinfo component in PHP did not properly validate sector-count\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n - CVE-2014-3487: The cdf_read_property_info function in file as used in\n the Fileinfo component in PHP did not properly validate a stream offset,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that\n certain data structures will have the array data type after\n unserialization, which allowed remote attackers to execute arbitrary\n code via a crafted string that triggers use of a Hashtable destructor,\n related to "type confusion" issues in (1) ArrayObject and (2)\n SPLObjectStorage (bsc#884992).\n\n These non-security issues were fixed:\n - bnc#935074: compare with SQL_NULL_DATA correctly\n - bnc#935074: fix segfault in odbc_fetch_array\n - bnc#919080: fix timezone map\n - bnc#925109: unserialize SoapClient type confusion\n\n", "published": "2016-06-21T13:08:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00041.html", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9767", "CVE-2016-4342", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-5161", "CVE-2015-3329", "CVE-2014-3478", "CVE-2016-4540", "CVE-2016-4538", "CVE-2015-4644", "CVE-2015-8879", "CVE-2015-1352", "CVE-2016-3185", "CVE-2016-4544", "CVE-2015-2301", "CVE-2014-3515", "CVE-2014-3479", "CVE-2015-8867", "CVE-2014-9709", "CVE-2014-4670", "CVE-2015-2305", "CVE-2016-4543", "CVE-2014-3668", "CVE-2015-0273", "CVE-2016-4542", "CVE-2016-4541", "CVE-2014-3480", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2014-0207", "CVE-2016-2554", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-8835", "CVE-2015-4021", "CVE-2014-3487", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-3152", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-6833", "CVE-2014-4721", "CVE-2016-4070", "CVE-2014-4698", "CVE-2015-8874", "CVE-2015-3411", "CVE-2015-4116", "CVE-2014-4049", "CVE-2015-6831", "CVE-2014-3670", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2016-4539", "CVE-2015-6837", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-4073", "CVE-2015-7803", "CVE-2014-5459", "CVE-2015-4603", "CVE-2015-4599", "CVE-2016-5096", "CVE-2015-4598", "CVE-2015-8866", "CVE-2015-5589", "CVE-2016-3141", "CVE-2015-4643", "CVE-2015-8838", "CVE-2016-4346", "CVE-2015-0231", "CVE-2016-5114", "CVE-2004-1019", "CVE-2016-3142", "CVE-2015-6838", "CVE-2016-4537"], "lastseen": "2016-09-04T12:09:51"}], "openvas": [{"id": "OPENVAS:1361412562310120170", "type": "openvas", "title": "Amazon Linux Local Check: alas-2015-494", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120170", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2017-07-24T12:53:40"}, {"id": "OPENVAS:1361412562310869039", "type": "openvas", "title": "Fedora Update for php FEDORA-2015-2315", "description": "Check the version of php", "published": "2015-02-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869039", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2017-07-25T10:52:34"}, {"id": "OPENVAS:1361412562310850640", "type": "openvas", "title": "SuSE Update for php5 openSUSE-SU-2015:0440-1 (php5)", "description": "Check the version of php5", "published": "2015-03-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850640", "cvelist": ["CVE-2015-0273", "CVE-2014-9652"], "lastseen": "2017-12-12T11:16:40"}, {"id": "OPENVAS:1361412562310805685", "type": "openvas", "title": "PHP Multiple Remote Code Execution Vulnerabilities - Jul15 (Linux)", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "published": "2015-07-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805685", "cvelist": ["CVE-2014-9705", "CVE-2015-0273"], "lastseen": "2017-10-25T14:40:55"}, {"id": "OPENVAS:1361412562310120167", "type": "openvas", "title": "Amazon Linux Local Check: alas-2015-493", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120167", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2017-07-24T12:52:42"}, {"id": "OPENVAS:1361412562310805689", "type": "openvas", "title": "PHP Multiple Remote Code Execution Vulnerabilities - Jul15 (Windows)", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "published": "2015-07-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805689", "cvelist": ["CVE-2014-9705", "CVE-2015-0273"], "lastseen": "2017-10-25T14:41:11"}, {"id": "OPENVAS:1361412562310850758", "type": "openvas", "title": "SuSE Update for PHP SUSE-SU-2015:0436-1 (PHP)", "description": "Check the version of PHP", "published": "2015-10-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850758", "cvelist": ["CVE-2015-0273", "CVE-2014-9652", "CVE-2013-6501"], "lastseen": "2017-12-12T11:15:05"}, {"id": "OPENVAS:1361412562310869053", "type": "openvas", "title": "Fedora Update for php FEDORA-2015-2328", "description": "Check the version of php", "published": "2015-03-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869053", "cvelist": ["CVE-2015-0235", "CVE-2015-0273", "CVE-2013-6420", "CVE-2014-0185"], "lastseen": "2017-07-25T10:52:35"}, {"id": "OPENVAS:1361412562310842135", "type": "openvas", "title": "Ubuntu Update for php5 USN-2535-1", "description": "Check the version of php5", "published": "2015-03-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842135", "cvelist": ["CVE-2014-9705", "CVE-2014-8117", "CVE-2015-2301", "CVE-2015-0273"], "lastseen": "2017-12-04T11:22:49"}, {"id": "OPENVAS:703195", "type": "openvas", "title": "Debian Security Advisory DSA 3195-1 (php5 - security update)", "description": "Multiple vulnerabilities have been discovered in the PHP language:\n\nCVE-2015-2305 \nGuido Vranken discovered a heap overflow in the ereg extension\n(only applicable to 32 bit systems).\n\nCVE-2014-9705 \nBuffer overflow in the enchant extension.\n\nCVE-2015-0231 \nStefan Esser discovered a use-after-free in the unserialisation\nof objects.\n\nCVE-2015-0232 \nAlex Eubanks discovered incorrect memory management in the exif\nextension.\n\nCVE-2015-0273 \nUse-after-free in the unserialisation of DateTimeZone.", "published": "2015-03-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703195", "cvelist": ["CVE-2014-9705", "CVE-2015-0232", "CVE-2015-2305", "CVE-2015-0273", "CVE-2015-0231"], "lastseen": "2017-07-24T12:53:10"}], "nessus": [{"id": "ALA_ALAS-2015-494.NASL", "type": "nessus", "title": "Amazon Linux AMI : php55 (ALAS-2015-494) (GHOST)", "description": "A heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nA use-after-free flaw was found in the unserialize() function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory.\n(CVE-2015-0273)", "published": "2015-03-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82043", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2018-04-19T08:07:57"}, {"id": "OPENSUSE-2015-203.NASL", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2015-203)", "description": "php5 was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150).\n\n - CVE-2015-0273: Use after free vulnerability in unserialize() with DateTimeZone (bnc#918768).", "published": "2015-03-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81691", "cvelist": ["CVE-2015-0273", "CVE-2014-9652"], "lastseen": "2017-10-29T13:42:50"}, {"id": "ALA_ALAS-2015-493.NASL", "type": "nessus", "title": "Amazon Linux AMI : php54 (ALAS-2015-493) (GHOST)", "description": "A heap-based buffer overflow was found in glibc's\n__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)\n\nUse after free vulnerability was reported in PHP DateTimeZone.\n(CVE-2015-0273)", "published": "2015-03-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81829", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2018-04-19T07:57:02"}, {"id": "FREEBSD_PKG_F7A9E415BDCA11E4970C000C292EE6B8.NASL", "type": "nessus", "title": "FreeBSD : php5 -- multiple vulnerabilities (f7a9e415-bdca-11e4-970c-000c292ee6b8) (GHOST)", "description": "The PHP Project reports :\n\nUse after free vulnerability in unserialize() with DateTimeZone.\n\nMitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow.", "published": "2015-02-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81559", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2017-10-29T13:39:57"}, {"id": "PHP_5_4_38.NASL", "type": "nessus", "title": "PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)", "description": "According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.38. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235)\n\n - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "published": "2015-02-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81510", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2017-10-29T13:44:32"}, {"id": "PHP_5_5_22.NASL", "type": "nessus", "title": "PHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST)", "description": "According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.22. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235)\n\n - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273)\n\n - An XML External Entity (XXE) flaw exists in the PHP-FPM component due to improper parsing of XML data. A remote attacker can exploit this, via specially crafted XML data, to disclose sensitive information or cause a denial of service. (CVE-2015-8866) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "published": "2015-02-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81511", "cvelist": ["CVE-2015-0235", "CVE-2015-0273", "CVE-2015-8866"], "lastseen": "2017-10-29T13:39:19"}, {"id": "PHP_5_6_6.NASL", "type": "nessus", "title": "PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)", "description": "According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.6. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235)\n\n - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273)\n\n - An XML External Entity (XXE) flaw exists in the PHP-FPM component due to improper parsing of XML data. A remote attacker can exploit this, via specially crafted XML data, to disclose sensitive information or cause a denial of service. (CVE-2015-8866)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "published": "2015-02-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81512", "cvelist": ["CVE-2015-0235", "CVE-2015-0273", "CVE-2015-8866"], "lastseen": "2017-10-29T13:44:48"}, {"id": "SUSE_11_APACHE2-MOD_PHP53-150226.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 10370)", "description": "php5 has been updated to fix two security issues :\n\n - Out of bounds read in mconvert(). (bnc#917150).\n (CVE-2014-9652)\n\n - Use after free vulnerability in unserialize() with DateTimeZone. (bnc#918768). (CVE-2015-0273)", "published": "2015-03-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81665", "cvelist": ["CVE-2015-0273", "CVE-2014-9652", "CVE-2013-6501"], "lastseen": "2017-10-29T13:43:05"}, {"id": "DEBIAN_DSA-3195.NASL", "type": "nessus", "title": "Debian DSA-3195-1 : php5 - security update", "description": "Multiple vulnerabilities have been discovered in the PHP language :\n\n - CVE-2015-2305 Guido Vranken discovered a heap overflow in the ereg extension (only applicable to 32 bit systems).\n\n - CVE-2014-9705 Buffer overflow in the enchant extension.\n\n - CVE-2015-0231 Stefan Esser discovered a use-after-free in the unserialisation of objects.\n\n - CVE-2015-0232 Alex Eubanks discovered incorrect memory management in the exif extension.\n\n - CVE-2015-0273 Use-after-free in the unserialisation of DateTimeZone.", "published": "2015-03-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81926", "cvelist": ["CVE-2014-9705", "CVE-2015-0232", "CVE-2015-2305", "CVE-2015-0273", "CVE-2015-0231"], "lastseen": "2017-10-29T13:41:52"}, {"id": "UBUNTU_USN-2535-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2535-1)", "description": "Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117)\n\nS. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9705)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-0273)\n\nIt was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2301).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-03-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81950", "cvelist": ["CVE-2014-9705", "CVE-2014-8117", "CVE-2015-2301", "CVE-2015-0273"], "lastseen": "2017-10-29T13:42:05"}], "amazon": [{"id": "ALAS-2015-494", "type": "amazon", "title": "Critical: php55", "description": "**Issue Overview:**\n\nA heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. ([CVE-2015-0235 __](<https://access.redhat.com/security/cve/CVE-2015-0235>))\n\nA use-after-free flaw was found in the unserialize() function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. ([CVE-2015-0273 __](<https://access.redhat.com/security/cve/CVE-2015-0273>))\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n php55-gd-5.5.22-1.98.amzn1.i686 \n php55-process-5.5.22-1.98.amzn1.i686 \n php55-soap-5.5.22-1.98.amzn1.i686 \n php55-pgsql-5.5.22-1.98.amzn1.i686 \n php55-cli-5.5.22-1.98.amzn1.i686 \n php55-odbc-5.5.22-1.98.amzn1.i686 \n php55-imap-5.5.22-1.98.amzn1.i686 \n php55-mssql-5.5.22-1.98.amzn1.i686 \n php55-opcache-5.5.22-1.98.amzn1.i686 \n php55-devel-5.5.22-1.98.amzn1.i686 \n php55-bcmath-5.5.22-1.98.amzn1.i686 \n php55-dba-5.5.22-1.98.amzn1.i686 \n php55-mysqlnd-5.5.22-1.98.amzn1.i686 \n php55-xml-5.5.22-1.98.amzn1.i686 \n php55-mcrypt-5.5.22-1.98.amzn1.i686 \n php55-recode-5.5.22-1.98.amzn1.i686 \n php55-common-5.5.22-1.98.amzn1.i686 \n php55-tidy-5.5.22-1.98.amzn1.i686 \n php55-enchant-5.5.22-1.98.amzn1.i686 \n php55-fpm-5.5.22-1.98.amzn1.i686 \n php55-ldap-5.5.22-1.98.amzn1.i686 \n php55-snmp-5.5.22-1.98.amzn1.i686 \n php55-intl-5.5.22-1.98.amzn1.i686 \n php55-pspell-5.5.22-1.98.amzn1.i686 \n php55-pdo-5.5.22-1.98.amzn1.i686 \n php55-5.5.22-1.98.amzn1.i686 \n php55-xmlrpc-5.5.22-1.98.amzn1.i686 \n php55-mbstring-5.5.22-1.98.amzn1.i686 \n php55-embedded-5.5.22-1.98.amzn1.i686 \n php55-debuginfo-5.5.22-1.98.amzn1.i686 \n php55-gmp-5.5.22-1.98.amzn1.i686 \n \n src: \n php55-5.5.22-1.98.amzn1.src \n \n x86_64: \n php55-pspell-5.5.22-1.98.amzn1.x86_64 \n php55-dba-5.5.22-1.98.amzn1.x86_64 \n php55-snmp-5.5.22-1.98.amzn1.x86_64 \n php55-odbc-5.5.22-1.98.amzn1.x86_64 \n php55-xml-5.5.22-1.98.amzn1.x86_64 \n php55-mssql-5.5.22-1.98.amzn1.x86_64 \n php55-debuginfo-5.5.22-1.98.amzn1.x86_64 \n php55-tidy-5.5.22-1.98.amzn1.x86_64 \n php55-opcache-5.5.22-1.98.amzn1.x86_64 \n php55-recode-5.5.22-1.98.amzn1.x86_64 \n php55-process-5.5.22-1.98.amzn1.x86_64 \n php55-xmlrpc-5.5.22-1.98.amzn1.x86_64 \n php55-mysqlnd-5.5.22-1.98.amzn1.x86_64 \n php55-embedded-5.5.22-1.98.amzn1.x86_64 \n php55-imap-5.5.22-1.98.amzn1.x86_64 \n php55-gmp-5.5.22-1.98.amzn1.x86_64 \n php55-5.5.22-1.98.amzn1.x86_64 \n php55-ldap-5.5.22-1.98.amzn1.x86_64 \n php55-bcmath-5.5.22-1.98.amzn1.x86_64 \n php55-soap-5.5.22-1.98.amzn1.x86_64 \n php55-pgsql-5.5.22-1.98.amzn1.x86_64 \n php55-enchant-5.5.22-1.98.amzn1.x86_64 \n php55-gd-5.5.22-1.98.amzn1.x86_64 \n php55-cli-5.5.22-1.98.amzn1.x86_64 \n php55-fpm-5.5.22-1.98.amzn1.x86_64 \n php55-common-5.5.22-1.98.amzn1.x86_64 \n php55-pdo-5.5.22-1.98.amzn1.x86_64 \n php55-mbstring-5.5.22-1.98.amzn1.x86_64 \n php55-mcrypt-5.5.22-1.98.amzn1.x86_64 \n php55-devel-5.5.22-1.98.amzn1.x86_64 \n php55-intl-5.5.22-1.98.amzn1.x86_64 \n \n \n", "published": "2015-03-23T08:29:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-494.html", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2016-09-28T21:04:08"}, {"id": "ALAS-2015-493", "type": "amazon", "title": "Critical: php54", "description": "**Issue Overview:**\n\nA heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. ([CVE-2015-0235 __](<https://access.redhat.com/security/cve/CVE-2015-0235>))\n\nUse after free vulnerability was reported in PHP DateTimeZone. ([CVE-2015-0273 __](<https://access.redhat.com/security/cve/CVE-2015-0273>))\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n php54-5.4.38-1.66.amzn1.i686 \n php54-pspell-5.4.38-1.66.amzn1.i686 \n php54-mcrypt-5.4.38-1.66.amzn1.i686 \n php54-debuginfo-5.4.38-1.66.amzn1.i686 \n php54-common-5.4.38-1.66.amzn1.i686 \n php54-mysql-5.4.38-1.66.amzn1.i686 \n php54-soap-5.4.38-1.66.amzn1.i686 \n php54-mssql-5.4.38-1.66.amzn1.i686 \n php54-mbstring-5.4.38-1.66.amzn1.i686 \n php54-tidy-5.4.38-1.66.amzn1.i686 \n php54-enchant-5.4.38-1.66.amzn1.i686 \n php54-mysqlnd-5.4.38-1.66.amzn1.i686 \n php54-xml-5.4.38-1.66.amzn1.i686 \n php54-pgsql-5.4.38-1.66.amzn1.i686 \n php54-fpm-5.4.38-1.66.amzn1.i686 \n php54-cli-5.4.38-1.66.amzn1.i686 \n php54-imap-5.4.38-1.66.amzn1.i686 \n php54-intl-5.4.38-1.66.amzn1.i686 \n php54-process-5.4.38-1.66.amzn1.i686 \n php54-snmp-5.4.38-1.66.amzn1.i686 \n php54-devel-5.4.38-1.66.amzn1.i686 \n php54-bcmath-5.4.38-1.66.amzn1.i686 \n php54-recode-5.4.38-1.66.amzn1.i686 \n php54-dba-5.4.38-1.66.amzn1.i686 \n php54-ldap-5.4.38-1.66.amzn1.i686 \n php54-embedded-5.4.38-1.66.amzn1.i686 \n php54-gd-5.4.38-1.66.amzn1.i686 \n php54-pdo-5.4.38-1.66.amzn1.i686 \n php54-xmlrpc-5.4.38-1.66.amzn1.i686 \n php54-odbc-5.4.38-1.66.amzn1.i686 \n \n src: \n php54-5.4.38-1.66.amzn1.src \n \n x86_64: \n php54-ldap-5.4.38-1.66.amzn1.x86_64 \n php54-dba-5.4.38-1.66.amzn1.x86_64 \n php54-pspell-5.4.38-1.66.amzn1.x86_64 \n php54-common-5.4.38-1.66.amzn1.x86_64 \n php54-devel-5.4.38-1.66.amzn1.x86_64 \n php54-pdo-5.4.38-1.66.amzn1.x86_64 \n php54-mcrypt-5.4.38-1.66.amzn1.x86_64 \n php54-mysql-5.4.38-1.66.amzn1.x86_64 \n php54-recode-5.4.38-1.66.amzn1.x86_64 \n php54-5.4.38-1.66.amzn1.x86_64 \n php54-enchant-5.4.38-1.66.amzn1.x86_64 \n php54-mssql-5.4.38-1.66.amzn1.x86_64 \n php54-intl-5.4.38-1.66.amzn1.x86_64 \n php54-odbc-5.4.38-1.66.amzn1.x86_64 \n php54-bcmath-5.4.38-1.66.amzn1.x86_64 \n php54-imap-5.4.38-1.66.amzn1.x86_64 \n php54-snmp-5.4.38-1.66.amzn1.x86_64 \n php54-debuginfo-5.4.38-1.66.amzn1.x86_64 \n php54-gd-5.4.38-1.66.amzn1.x86_64 \n php54-tidy-5.4.38-1.66.amzn1.x86_64 \n php54-fpm-5.4.38-1.66.amzn1.x86_64 \n php54-xmlrpc-5.4.38-1.66.amzn1.x86_64 \n php54-embedded-5.4.38-1.66.amzn1.x86_64 \n php54-process-5.4.38-1.66.amzn1.x86_64 \n php54-cli-5.4.38-1.66.amzn1.x86_64 \n php54-pgsql-5.4.38-1.66.amzn1.x86_64 \n php54-mysqlnd-5.4.38-1.66.amzn1.x86_64 \n php54-soap-5.4.38-1.66.amzn1.x86_64 \n php54-xml-5.4.38-1.66.amzn1.x86_64 \n php54-mbstring-5.4.38-1.66.amzn1.x86_64 \n \n \n", "published": "2015-03-13T10:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-493.html", "cvelist": ["CVE-2015-0235", "CVE-2015-0273"], "lastseen": "2016-09-28T21:04:12"}], "ubuntu": [{"id": "USN-2535-1", "type": "ubuntu", "title": "PHP vulnerabilities", "description": "Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117)\n\nS. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9705)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-0273)\n\nIt was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2301)", "published": "2015-03-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2535-1/", "cvelist": ["CVE-2014-9705", "CVE-2014-8117", "CVE-2015-2301", "CVE-2015-0273"], "lastseen": "2018-03-29T18:18:30"}], "debian": [{"id": "DSA-3195", "type": "debian", "title": "php5 -- security update", "description": "Multiple vulnerabilities have been discovered in the PHP language:\n\n * [CVE-2015-2305](<https://security-tracker.debian.org/tracker/CVE-2015-2305>)\n\nGuido Vranken discovered a heap overflow in the ereg extension (only applicable to 32 bit systems).\n\n * [CVE-2014-9705](<https://security-tracker.debian.org/tracker/CVE-2014-9705>)\n\nBuffer overflow in the enchant extension.\n\n * [CVE-2015-0231](<https://security-tracker.debian.org/tracker/CVE-2015-0231>)\n\nStefan Esser discovered a use-after-free in the unserialisation of objects.\n\n * [CVE-2015-0232](<https://security-tracker.debian.org/tracker/CVE-2015-0232>)\n\nAlex Eubanks discovered incorrect memory management in the exif extension.\n\n * [CVE-2015-0273](<https://security-tracker.debian.org/tracker/CVE-2015-0273>)\n\nUse-after-free in the unserialisation of DateTimeZone.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 5.4.38-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been fixed in version 5.6.6+dfsg-2.\n\nFor the unstable distribution (sid), these problems have been fixed in version 5.6.6+dfsg-2.\n\nWe recommend that you upgrade your php5 packages.", "published": "2015-03-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3195", "cvelist": ["CVE-2014-9705", "CVE-2015-0232", "CVE-2015-2305", "CVE-2015-0273", "CVE-2015-0231"], "lastseen": "2016-09-02T18:24:03"}], "kaspersky": [{"id": "KLA10514", "type": "kaspersky", "title": "\r KLA10514Multiple vulnerabilities in PHP and plugins\t\t\t ", "description": "### *CVSS*:\n7.5\n\n### *Detect date*:\n03/30/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service.\n\n### *Affected products*:\nPHP versions earlier than 5.4.39 \nPHP 5.5 versions earlier than 5.5.23 \nPHP 5.6 versions earlier than 5.6.7\n\n### *Solution*:\nUpdate to the latest version \n[Get PHP](<http://php.net/downloads.php>)\n\n### *Original advisories*:\n[PHP changelog](<http://php.net/ChangeLog-5.php>) \n\n\n### *Impacts*:\nCI \n\n### *Related products*:\n[PHP](<https://threats.kaspersky.com/en/product/PHP/>)\n\n### *CVE-IDS*:\n[CVE-2014-9652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652>) \n[CVE-2014-9653](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>) \n[CVE-2014-9705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705>) \n[CVE-2014-9709](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709>) \n[CVE-2015-0273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273>) \n[CVE-2015-1351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351>) \n[CVE-2015-2301](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301>) \n[CVE-2015-2331](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331>) \n[CVE-2015-2348](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348>) \n[CVE-2015-2787](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787>)", "published": "2015-03-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10514", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-2331", "CVE-2014-9653", "CVE-2014-9652", "CVE-2015-1351"], "lastseen": "2018-03-30T14:10:52"}], "redhat": [{"id": "RHSA-2015:1053", "type": "redhat", "title": "(RHSA-2015:1053) Moderate: php55 security and bug fix update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities.\n\nThe php55 packages have been upgraded to upstream version 5.5.21, which\nprovides multiple bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1057089)\n\nThe following security issues were fixed in the php55-php component:\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP's regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory.\n(CVE-2015-1351)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) extension.\nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2015-2301)\n\nAn ouf-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA NULL pointer dereference flaw was found in PHP's pgsql extension. A\nspecially crafted table name passed to a function such as pg_insert() or\npg_select() could cause a PHP application to crash. (CVE-2015-1352)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash.\n(CVE-2014-9427)\n\nAll php55 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the\nhttpd24-httpd service must be restarted for the update to take effect.\n", "published": "2015-06-04T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1053", "cvelist": ["CVE-2014-8142", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2348", "CVE-2015-2787", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601"], "lastseen": "2018-03-28T07:55:45"}, {"id": "RHSA-2015:1218", "type": "redhat", "title": "(RHSA-2015:1218) Moderate: php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "published": "2015-07-09T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1218", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "lastseen": "2017-03-07T05:18:53"}, {"id": "RHSA-2015:1066", "type": "redhat", "title": "(RHSA-2015:1066) Important: php54 security and bug fix update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php54 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a\nnumber of additional utilities.\n\nThe php54 packages have been upgraded to upstream version 5.4.40, which\nprovides a number of bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1168193)\n\nThe following security issues were fixed in the php54-php component:\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP's regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) extension.\nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2015-2301)\n\nAn ouf-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash.\n(CVE-2014-9427)\n\nThe following security issue was fixed in the php54-php-pecl-zendopcache\ncomponent:\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory.\n(CVE-2015-1351)\n\nAll php54 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the httpd\nservice must be restarted for the update to take effect.\n", "published": "2015-06-04T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1066", "cvelist": ["CVE-2014-8142", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-8935"], "lastseen": "2018-03-28T07:55:44"}, {"id": "RHSA-2015:1135", "type": "redhat", "title": "(RHSA-2015:1135) Important: php security and bug fix update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "published": "2015-06-23T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1135", "cvelist": ["CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643"], "lastseen": "2018-04-15T16:22:08"}], "oraclelinux": [{"id": "ELSA-2015-1053", "type": "oraclelinux", "title": "php55 security and bug fix update", "description": "php55\n[2.0-1]\n- fix incorrect selinux contexts #1194336\nphp55-php\n[5.5.21-2.0.1]\n- add dtrace-utils as build dependency\n[5.5.21-2]\n- core: fix use-after-free vulnerability in the\n process_nested_data function (unserialize) CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: fix use after free vulnerability in unserialize()\n with DateTimeZone CVE-2015-0273\n- enchant: fix heap buffer overflow in\n enchant_broker_request_dict() CVE-2014-9705\n- ereg: fix heap overflow in regcomp() CVE-2015-2305\n- opcache: fix use after free CVE-2015-1351\n- phar: fix use after free in phar_object.c CVE-2015-2301\n- pgsql: fix NULL pointer dereference CVE-2015-1352\n- soap: fix type confusion through unserialize #1204868\n[5.5.21-1]\n- rebase to PHP 5.5.21\n[5.5.20-1]\n- rebase to PHP 5.5.20 #1057089\n- fix package name in description\n- php-fpm own session and wsdlcache dir\n- php-common doesn't provide php-gmp", "published": "2016-02-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1053.html", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9427", "CVE-2015-1352", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4147", "CVE-2015-4600", "CVE-2014-9652", "CVE-2015-1351", "CVE-2015-4599", "CVE-2015-0231"], "lastseen": "2016-09-04T11:16:06"}, {"id": "ELSA-2015-1218", "type": "oraclelinux", "title": "php security update", "description": "[5.3.3-46]\n- fix gzfile accept paths with NUL character #1213407\n- fix patch for CVE-2015-4024\n[5.3.3-45]\n- fix more functions accept paths with NUL character #1213407\n[5.3.3-44]\n- soap: missing fix for #1222538 and #1204868\n[5.3.3-43]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4026, #1213407\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: more fix type confusion through unserialize #1222538\n[5.3.3-42]\n- soap: more fix type confusion through unserialize #1204868\n[5.3.3-41]\n- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425\n- core: fix use-after-free in unserialize CVE-2015-2787\n- exif: fix free on unitialized pointer CVE-2015-0232\n- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709\n- date: fix use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize", "published": "2015-07-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1218.html", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "lastseen": "2016-09-04T11:15:55"}, {"id": "ELSA-2015-1066", "type": "oraclelinux", "title": "php54 security and bug fix update", "description": "php54\n[2.0-1]\n- fix incorrect selinux contexts #1194332\nphp54-php\n[5.4.40-1]\n- rebase to PHP 5.4.40 for various security fix #1209887\n[5.4.37-1]\n- rebase to PHP 5.4.37\n[5.4.36-1]\n- rebase to PHP 5.4.36 #1168193\n- fix package name in description\n- php-fpm own session dir\nphp54-php-pecl-zendopcache\n[7.0.4-3]\n- fix use after free CVE-2015-1351\n[7.0.4-2]\n- add upstream patch for failed test\n[7.0.4-1]\n- Update to 7.0.4\n[7.0.3-1]\n- update to 7.0.3 #1055927", "published": "2016-02-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1066.html", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2014-9427", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-2305", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4602", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-1351", "CVE-2015-4599", "CVE-2015-0231"], "lastseen": "2016-09-04T11:17:05"}, {"id": "ELSA-2015-1135", "type": "oraclelinux", "title": "php security and bug fix update", "description": "[5.4.16-36]\n- fix more functions accept paths with NUL character #1213407\n[5.4.16-35]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330\n[5.4.16-34]\n- fix memory corruption in fileinfo module on big endian\n machines #1082624\n- fix segfault in pdo_odbc on x86_64 #1159892\n- fix segfault in gmp allocator #1154760\n[5.4.16-33]\n- core: use after free vulnerability in unserialize()\n CVE-2014-8142 and CVE-2015-0231\n- core: fix use-after-free in unserialize CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- exif: free called on unitialized pointer CVE-2015-0232\n- fileinfo: fix out of bounds read in mconvert CVE-2014-9652\n- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize\n[5.4.16-31]\n- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710\n[5.4.16-29]\n- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668\n- core: fix integer overflow in unserialize() CVE-2014-3669\n- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670\n[5.4.16-27]\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm().\n CVE-2014-2497\n- gd: fix NUL byte injection in file names. CVE-2014-5120\n- fileinfo: fix extensive backtracking in regular expression\n (incomplete fix for CVE-2013-7345). CVE-2014-3538\n- fileinfo: fix mconvert incorrect handling of truncated\n pascal string size. CVE-2014-3478\n- fileinfo: fix cdf_read_property_info\n (incomplete fix for CVE-2012-1571). CVE-2014-3587\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- network: fix segfault in dns_get_record\n (incomplete fix for CVE-2014-4049). CVE-2014-3597\n[5.4.16-25]\n- fix segfault after startup on aarch64 (#1107567)\n- compile php with -O3 on ppc64le (#1123499)", "published": "2015-06-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1135.html", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2013-7345", "CVE-2015-2783", "CVE-2015-3329", "CVE-2014-3478", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-3587", "CVE-2012-1571", "CVE-2014-9709", "CVE-2014-4670", "CVE-2014-3668", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-4021", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2014-3710", "CVE-2015-4602", "CVE-2015-4026", "CVE-2014-4698", "CVE-2015-4147", "CVE-2015-3411", "CVE-2014-4049", "CVE-2015-4604", "CVE-2014-3670", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2014-2497", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "lastseen": "2016-09-04T11:16:57"}], "centos": [{"id": "CESA-2015:1218", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:1218\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021237.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1218.html", "published": "2015-07-09T19:23:41", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "lastseen": "2017-10-03T18:26:33"}, {"id": "CESA-2015:1135", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:1135\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021191.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-mysqlnd\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1135.html", "published": "2015-06-24T03:28:02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021191.html", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643", "CVE-2015-0231"], "lastseen": "2017-10-03T18:26:04"}], "gentoo": [{"id": "GLSA-201606-10", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker can possibly execute arbitrary code or create a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.5.33\"\n \n\nAll PHP 5.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.5.33\"\n \n\nAll PHP 5.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.6.19\"", "published": "2016-06-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201606-10", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4644", "CVE-2015-6834", "CVE-2015-1352", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4642", "CVE-2015-4148", "CVE-2015-4025", "CVE-2015-4021", "CVE-2015-6836", "CVE-2015-4026", "CVE-2015-6833", "CVE-2015-4147", "CVE-2015-6831", "CVE-2015-4022", "CVE-2015-6837", "CVE-2015-7803", "CVE-2015-1351", "CVE-2015-6835", "CVE-2013-6501", "CVE-2015-4643", "CVE-2015-0231", "CVE-2015-6832", "CVE-2015-6838", "CVE-2015-7804"], "lastseen": "2016-09-06T19:47:07"}]}}