Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3689-1:75CF1
HistoryOct 08, 2016 - 1:53 p.m.

[SECURITY] [DSA 3689-1] php5 security update

2016-10-0813:53:04
lists.debian.org
24

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA-3689-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
October 08, 2016 https://www.debian.org/security/faq

Package : php5
CVE ID : CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127
CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131
CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413
CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.

The vulnerabilities are addressed by upgrading PHP to the new upstream
version 5.6.26, which includes additional bug fixes. Please refer to the
upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.25
https://php.net/ChangeLog-5.php#5.6.26

For the stable distribution (jessie), these problems have been fixed in
version 5.6.26+dfsg-0+deb8u1.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7i386libphp5-embed< 5.4.45-0+deb7u5libphp5-embed_5.4.45-0+deb7u5_i386.deb
Debian8mipsphp5-cgi< 5.6.26+dfsg-0+deb8u1php5-cgi_5.6.26+dfsg-0+deb8u1_mips.deb
Debian8arm64php5-cgi< 5.6.26+dfsg-0+deb8u1php5-cgi_5.6.26+dfsg-0+deb8u1_arm64.deb
Debian8mipsphp5-snmp< 5.6.26+dfsg-0+deb8u1php5-snmp_5.6.26+dfsg-0+deb8u1_mips.deb
Debian7amd64php5-imap< 5.4.45-0+deb7u5php5-imap_5.4.45-0+deb7u5_amd64.deb
Debian8arm64php5-gmp< 5.6.26+dfsg-0+deb8u1php5-gmp_5.6.26+dfsg-0+deb8u1_arm64.deb
Debian7allphp-pear< 5.4.45-0+deb7u5php-pear_5.4.45-0+deb7u5_all.deb
Debian8kfreebsd-i386php5-curl< 5.6.26+dfsg-0+deb8u1php5-curl_5.6.26+dfsg-0+deb8u1_kfreebsd-i386.deb
Debian7armhfphp5-xmlrpc< 5.4.45-0+deb7u6php5-xmlrpc_5.4.45-0+deb7u6_armhf.deb
Debian8arm64php5-mcrypt< 5.6.26+dfsg-0+deb8u1php5-mcrypt_5.6.26+dfsg-0+deb8u1_arm64.deb
Rows per page:
1-10 of 6301

Related

cloudfoundry 1
suse 12
openvas 22
debian 2
nessus 37
ibm 2
osv 1
ubuntu 1
fedora 2
amazon 2
mageia 1
slackware 2
archlinux 1
freebsd 2
f5 10
ubuntucve 16
gentoo 1
debiancve 16
prion 16
redhatcve 16
veracode 7
checkpoint_advisories 1
alpinelinux 7
cve 16
hackerone 3
seebug 1
redhat 1
cloudfoundry
cloudfoundry
USN-3095-1 PHP vulnerabilities | Cloud Foundry
2016-10-04 00:00:00
suse
suse
Security update for php53 (important)
2016-10-05 18:12:21
Security update for php5 (important)
2016-11-01 16:07:21
Security update for php5 (important)
2016-10-07 21:12:50
openvas
openvas
Debian Security Advisory DSA 3689-1 (php5 - security update)
2016-10-08 00:00:00
Debian Security Advisory DSA 3689-1 (php5 - security update)
2016-10-08 00:00:00
PHP Multiple Vulnerabilities - 02 - Sep16 (Linux)
2016-09-12 00:00:00
debian
debian
[SECURITY] [DSA 3689-1] php5 security update
2016-10-08 13:53:04
[SECURITY] [DLA 749-1] php5 security update
2016-12-16 21:48:18
nessus
nessus
Debian DSA-3689-1 : php5 - security update
2016-10-10 00:00:00
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1)
2016-10-06 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : PHP vulnerabilities (USN-3095-1)
2016-10-05 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities
2018-06-18 01:34:05
Security Bulletin: Vulnerabilities in OpenSSL and PHP affect IBM Tealeaf Customer Experience (CVE-2016-2107, CVE-2016-6290, CVE-2016-7125)
2018-06-16 20:05:19
osv
osv
php5 - security update
2016-12-16 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2016-10-04 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: php-5.6.26-1.fc23
2016-09-28 04:52:34
[SECURITY] Fedora 24 Update: php-5.6.26-1.fc24
2016-09-27 03:58:11
amazon
amazon
Medium: php56
2016-10-12 17:00:00
Medium: php70
2016-10-12 17:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2016-09-25 18:45:31
slackware
slackware
[slackware-security] php
2016-09-23 23:31:48
[slackware-security] php
2016-09-08 22:38:27
archlinux
archlinux
php: multiple issues
2016-09-18 00:00:00
freebsd
freebsd
PHP -- multiple vulnerabilities
2016-09-16 00:00:00
PHP -- multiple vulnerabilities
2016-09-15 00:00:00
f5
f5
SOL30216728 - Multiple PHP vulnerabilities
2016-11-01 00:00:00
K30216728 : Multiple PHP vulnerabilities
2016-11-02 00:00:00
K89002224 : PHP vulnerability CVE-2016-7127
2016-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2016-7132
2016-09-11 00:00:00
CVE-2016-7126
2016-09-12 00:00:00
CVE-2016-7413
2016-09-17 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-11-30 00:00:00
debiancve
debiancve
CVE-2016-7413
2016-09-17 21:59:00
CVE-2016-7129
2016-09-12 01:59:00
CVE-2016-7411
2016-09-17 21:59:00
prion
prion
Deserialization of untrusted data
2016-09-17 21:59:00
Heap overflow
2016-09-17 21:59:00
Out-of-bounds
2016-09-12 01:59:00
redhatcve
redhatcve
CVE-2016-7412
2016-09-19 12:48:52
CVE-2016-7126
2016-09-09 13:18:47
CVE-2016-7414
2016-09-19 13:18:49
veracode
veracode
Denial Of Service (DoS)
2019-05-16 02:59:58
Use After Free
2019-05-16 02:59:58
Heap-Based Buffer Overflow
2019-05-16 02:59:58
checkpoint_advisories
checkpoint_advisories
PHP WDDX Deserialization Use After Free (CVE-2016-7413)
2016-09-27 00:00:00
alpinelinux
alpinelinux
CVE-2016-7413
2016-09-17 21:59:00
CVE-2016-7412
2016-09-17 21:59:00
CVE-2016-7414
2016-09-17 21:59:00
cve
cve
CVE-2016-7414
2016-09-17 21:59:00
CVE-2016-7124
2016-09-12 01:59:00
CVE-2016-7411
2016-09-17 21:59:00
hackerone
hackerone
Internet Bug Bounty: Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)
2016-10-17 12:11:52
Internet Bug Bounty: CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element
2016-09-20 02:33:52
Internet Bug Bounty: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128)
2016-08-18 01:06:22
seebug
seebug
SugarCRM v6. 5. 23 PHP deserialize an object injection vulnerability
2016-09-12 00:00:00
redhat
redhat
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for DEBIAN:DSA-3689-1:75CF1
cloudfoundry1suse12openvas22debian2nessus37ibm2osv1ubuntu1fedora2amazon2mageia1slackware2archlinux1freebsd2f510ubuntucve16gentoo1debiancve16prion16redhatcve16veracode7checkpoint_advisories1alpinelinux7cve16hackerone3seebug1redhat1