php -- multiple vulnerabilities

2015-09-03T00:00:00
ID 3D675519-5654-11E5-9AD8-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2015-09-08T00:00:00

Description

PHP reports:

Core:

Fixed bug #70172 (Use After Free Vulnerability in unserialize()). Fixed bug #70219 (Use after free vulnerability in session deserializer).

EXIF:

Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

hash:

Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

PCRE:

Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).

SOAP:

Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).

SPL:

Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).

XSLT:

Fixed bug #69782 (NULL pointer dereference).

ZIP:

Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).