PHP 5.5.x < 5.5.26 / 5.6.x < 5.6.10 Multiple Vulnerabilities

Versions of PHP 5.5.x prior to 5.5.26, or 5.6.x prior to 5.6.10 are exposed to the following vulnerabilities :

• Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the ‘compile_branch()’ and ‘pcre_compile2()’ functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)
• A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414)
• A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the ‘sqlite3VdbeExec()’ function in ‘vdbe.c’. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)
• A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the ‘sqlite3VXPrintf()’ function in ‘printf.c’. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)
• A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the ‘\0’ character with a safe file extension, to bypass access restrictions. (CVE-2015-4598)
• An arbitrary command injection vulnerability exists due to a flaw in the ‘php_escape_shell_arg()’ function in ‘exec.c’. A remote attacker can exploit this, via the ‘escapeshellarg()’ PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)
• A heap buffer overflow condition exists in the ‘ftp_genlist()’ function in ‘ftp.c’. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643)
• A denial of service vulnerability exists due to a NULL pointer dereference flaw in the ‘build_tablename()’ function in ‘pgsql.c’. An authenticated, remote attacker can exploit this to cause an application crash. (CVE-2015-4644)