Issue Overview:
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Affected Packages:
php
Issue Correction:
Run yum update php to update your system.
New Packages:
i686:
php-gd-5.3.29-1.8.amzn1.i686
php-soap-5.3.29-1.8.amzn1.i686
php-xmlrpc-5.3.29-1.8.amzn1.i686
php-debuginfo-5.3.29-1.8.amzn1.i686
php-devel-5.3.29-1.8.amzn1.i686
php-cli-5.3.29-1.8.amzn1.i686
php-mcrypt-5.3.29-1.8.amzn1.i686
php-dba-5.3.29-1.8.amzn1.i686
php-mssql-5.3.29-1.8.amzn1.i686
php-bcmath-5.3.29-1.8.amzn1.i686
php-mbstring-5.3.29-1.8.amzn1.i686
php-snmp-5.3.29-1.8.amzn1.i686
php-pdo-5.3.29-1.8.amzn1.i686
php-intl-5.3.29-1.8.amzn1.i686
php-imap-5.3.29-1.8.amzn1.i686
php-common-5.3.29-1.8.amzn1.i686
php-tidy-5.3.29-1.8.amzn1.i686
php-fpm-5.3.29-1.8.amzn1.i686
php-ldap-5.3.29-1.8.amzn1.i686
php-5.3.29-1.8.amzn1.i686
php-recode-5.3.29-1.8.amzn1.i686
php-xml-5.3.29-1.8.amzn1.i686
php-mysqlnd-5.3.29-1.8.amzn1.i686
php-process-5.3.29-1.8.amzn1.i686
php-odbc-5.3.29-1.8.amzn1.i686
php-pgsql-5.3.29-1.8.amzn1.i686
php-pspell-5.3.29-1.8.amzn1.i686
php-mysql-5.3.29-1.8.amzn1.i686
php-embedded-5.3.29-1.8.amzn1.i686
php-enchant-5.3.29-1.8.amzn1.i686
src:
php-5.3.29-1.8.amzn1.src
x86_64:
php-common-5.3.29-1.8.amzn1.x86_64
php-mysqlnd-5.3.29-1.8.amzn1.x86_64
php-gd-5.3.29-1.8.amzn1.x86_64
php-xml-5.3.29-1.8.amzn1.x86_64
php-devel-5.3.29-1.8.amzn1.x86_64
php-pspell-5.3.29-1.8.amzn1.x86_64
php-5.3.29-1.8.amzn1.x86_64
php-debuginfo-5.3.29-1.8.amzn1.x86_64
php-pdo-5.3.29-1.8.amzn1.x86_64
php-enchant-5.3.29-1.8.amzn1.x86_64
php-odbc-5.3.29-1.8.amzn1.x86_64
php-fpm-5.3.29-1.8.amzn1.x86_64
php-snmp-5.3.29-1.8.amzn1.x86_64
php-mcrypt-5.3.29-1.8.amzn1.x86_64
php-intl-5.3.29-1.8.amzn1.x86_64
php-pgsql-5.3.29-1.8.amzn1.x86_64
php-mysql-5.3.29-1.8.amzn1.x86_64
php-dba-5.3.29-1.8.amzn1.x86_64
php-mbstring-5.3.29-1.8.amzn1.x86_64
php-cli-5.3.29-1.8.amzn1.x86_64
php-recode-5.3.29-1.8.amzn1.x86_64
php-soap-5.3.29-1.8.amzn1.x86_64
php-embedded-5.3.29-1.8.amzn1.x86_64
php-process-5.3.29-1.8.amzn1.x86_64
php-bcmath-5.3.29-1.8.amzn1.x86_64
php-mssql-5.3.29-1.8.amzn1.x86_64
php-tidy-5.3.29-1.8.amzn1.x86_64
php-imap-5.3.29-1.8.amzn1.x86_64
php-xmlrpc-5.3.29-1.8.amzn1.x86_64
php-ldap-5.3.29-1.8.amzn1.x86_64
Red Hat: CVE-2015-2305
Mitre: CVE-2015-2305
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | php-gd | < 5.3.29-1.8.amzn1 | php-gd-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-soap | < 5.3.29-1.8.amzn1 | php-soap-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-xmlrpc | < 5.3.29-1.8.amzn1 | php-xmlrpc-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-debuginfo | < 5.3.29-1.8.amzn1 | php-debuginfo-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-devel | < 5.3.29-1.8.amzn1 | php-devel-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-cli | < 5.3.29-1.8.amzn1 | php-cli-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-mcrypt | < 5.3.29-1.8.amzn1 | php-mcrypt-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-dba | < 5.3.29-1.8.amzn1 | php-dba-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-mssql | < 5.3.29-1.8.amzn1 | php-mssql-5.3.29-1.8.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | php-bcmath | < 5.3.29-1.8.amzn1 | php-bcmath-5.3.29-1.8.amzn1.i686.rpm |