[SECURITY] [DLA 444-1] php5 security update

2016-02-2918:41:39

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.1%

JSON

Package : php5
Version : 5.3.3.1-7+squeeze29
CVE ID : CVE-2015-2305 CVE-2015-2348

CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry
Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on
32-bit platforms, as used in NetBSD through 6.1.5 and other
products, might allow context-dependent attackers to execute
arbitrary code via a large regular expression that leads to
a heap-based buffer overflow.
CVE-2015-2348
The move_uploaded_file implementation in
ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x
before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon
encountering a \x00 character, which allows remote attackers to
bypass intended extension restrictions and create files with
unexpected names via a crafted second argument.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2006-7243.
CVE-2016-tmp, Bug #71039
exec functions ignore length but look for NULL termination
CVE-2016-tmp, Bug #71089
No check to duplicate zend_extension
CVE-2016-tmp, Bug #71201
round() segfault on 64-bit builds
CVE-2016-tmp, Bug #71459
Integer overflow in iptcembed()
CVE-2016-tmp, Bug #71354
Heap corruption in tar/zip/phar parser
CVE-2016-tmp, Bug #71391
NULL Pointer Dereference in phar_tar_setupmetadata()
CVE-2016-tmp, Bug #70979
Crash on bad SOAP request

OSVersionArchitecturePackageVersionFilename
Debian7powerpclibphp5-embed< 5.4.39-0+deb7u1libphp5-embed_5.4.39-0+deb7u1_powerpc.deb
Debian7kfreebsd-i386php5-curl< 5.4.39-0+deb7u1php5-curl_5.4.39-0+deb7u1_kfreebsd-i386.deb
Debian7powerpcphp5-pspell< 5.4.39-0+deb7u1php5-pspell_5.4.39-0+deb7u1_powerpc.deb
Debian7mipsellibapache2-mod-php5filter< 5.4.39-0+deb7u1libapache2-mod-php5filter_5.4.39-0+deb7u1_mipsel.deb
Debian7mipselphp5-mysql< 5.4.39-0+deb7u1php5-mysql_5.4.39-0+deb7u1_mipsel.deb
Debian7kfreebsd-i386php5-dbg< 5.4.39-0+deb7u1php5-dbg_5.4.39-0+deb7u1_kfreebsd-i386.deb
Debian7kfreebsd-amd64php5-cgi< 5.4.39-0+deb7u1php5-cgi_5.4.39-0+deb7u1_kfreebsd-amd64.deb
Debian7kfreebsd-i386php5-enchant< 5.4.39-0+deb7u1php5-enchant_5.4.39-0+deb7u1_kfreebsd-i386.deb
Debian6amd64php5-xsl< 5.3.3.1-7+squeeze29php5-xsl_5.3.3.1-7+squeeze29_amd64.deb
Debian7sparcphp5-gd< 5.4.39-0+deb7u1php5-gd_5.4.39-0+deb7u1_sparc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	powerpc	libphp5-embed	< 5.4.39-0+deb7u1	libphp5-embed_5.4.39-0+deb7u1_powerpc.deb
Debian	7	kfreebsd-i386	php5-curl	< 5.4.39-0+deb7u1	php5-curl_5.4.39-0+deb7u1_kfreebsd-i386.deb
Debian	7	powerpc	php5-pspell	< 5.4.39-0+deb7u1	php5-pspell_5.4.39-0+deb7u1_powerpc.deb
Debian	7	mipsel	libapache2-mod-php5filter	< 5.4.39-0+deb7u1	libapache2-mod-php5filter_5.4.39-0+deb7u1_mipsel.deb
Debian	7	mipsel	php5-mysql	< 5.4.39-0+deb7u1	php5-mysql_5.4.39-0+deb7u1_mipsel.deb
Debian	7	kfreebsd-i386	php5-dbg	< 5.4.39-0+deb7u1	php5-dbg_5.4.39-0+deb7u1_kfreebsd-i386.deb
Debian	7	kfreebsd-amd64	php5-cgi	< 5.4.39-0+deb7u1	php5-cgi_5.4.39-0+deb7u1_kfreebsd-amd64.deb
Debian	7	kfreebsd-i386	php5-enchant	< 5.4.39-0+deb7u1	php5-enchant_5.4.39-0+deb7u1_kfreebsd-i386.deb
Debian	6	amd64	php5-xsl	< 5.3.3.1-7+squeeze29	php5-xsl_5.3.3.1-7+squeeze29_amd64.deb
Debian	7	sparc	php5-gd	< 5.4.39-0+deb7u1	php5-gd_5.4.39-0+deb7u1_sparc.deb